Cybersecurity Background
The Global Standard for App Security

Open Worldwide Application Security Project

OWASP is a non-profit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.

Year Founded: 2001
Local Chapters: 275+
Open Source Projects: 200+
Status: Non-Profit, 501(c)(3)

The OWASP Top 10 (2021): A01 to A10

The standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

OWASP Top 10 (2021), High Severity

Broken Access Control

Restrictions on what authenticated users are allowed to do are not properly enforced.

What is it?

Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.

Example Attack

An attacker modifies the `acct` parameter in the URL `example.com/app/accountInfo?acct=notmyacct` and can read another user's account data because the backend never verified that the logged-in user owns the requested account.

How to Prevent

Implement access control mechanisms once and re-use them throughout the application (e.g., as middleware). Deny by default. Access control models should enforce record ownership rather than assuming the logged-in user may read, update, or delete any record.
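The following is an added illustration, not code from the OWASP page or any OWASP project. It puts the `acct` lookup from the example attack next to a hardened version that applies the three prevention points above: one reusable ownership check (a decorator standing in for middleware), deny by default for unauthenticated callers, and a record-ownership rule rather than trust in the client-supplied id. The `Request`, `Response` and `ACCOUNTS` objects are constructed stand-ins for a real framework and database.

```python
from dataclasses import dataclass
from functools import wraps
from typing import Callable, Dict, Optional

# Constructed sample data (not from the page): two users, two accounts.
ACCOUNTS: Dict[str, dict] = {
    "alice-acct": {"owner": "alice", "balance": 1200},
    "notmyacct": {"owner": "bob", "balance": 75},
}


@dataclass
class Request:
    """Minimal stand-in for a framework request object (assumption)."""
    user: Optional[str]        # authenticated user id from the session, None if anonymous
    params: Dict[str, str]     # query-string parameters, e.g. {"acct": "notmyacct"}


@dataclass
class Response:
    status: int
    body: dict


def account_info_vulnerable(req: Request) -> Response:
    """The A01 pattern from the page: returns whatever account the client names."""
    record = ACCOUNTS.get(req.params.get("acct", ""))
    if record is None:
        return Response(404, {"error": "not found"})
    # No check that req.user owns the record: any logged-in user can read any account.
    return Response(200, record)


def require_owner(lookup: Callable[[str], Optional[dict]], param: str):
    """Reusable access-control layer (hypothetical helper, written once, applied to
    every handler that serves per-user records).

    - deny by default: no authenticated user means no access
    - ownership: the record's owner must be the session user
    - 404 for both missing and foreign records, so the response does not confirm
      that another user's account id exists
    """
    def decorator(handler: Callable[[Request, dict], Response]):
        @wraps(handler)
        def wrapped(req: Request) -> Response:
            if req.user is None:
                return Response(401, {"error": "authentication required"})
            record = lookup(req.params.get(param, ""))
            if record is None or record.get("owner") != req.user:
                return Response(404, {"error": "not found"})
            return handler(req, record)
        return wrapped
    return decorator


@require_owner(ACCOUNTS.get, "acct")
def account_info_secure(req: Request, record: dict) -> Response:
    """Handler only ever receives a record the caller is allowed to see."""
    return Response(200, record)


if __name__ == "__main__":
    alice_reads_bob = Request("alice", {"acct": "notmyacct"})
    print("vulnerable:", account_info_vulnerable(alice_reads_bob).status)  # 200: data leaks
    print("secure:    ", account_info_secure(alice_reads_bob).status)      # 404: denied
    print("owner:     ", account_info_secure(Request("bob", {"acct": "notmyacct"})).status)
```

Putting the check in one decorator means a handler cannot forget it; a new endpoint either opts in by using `require_owner` or is caught in review for serving records without it. Returning 404 rather than 403 for someone else's record is a deliberate choice so that probing ids does not reveal which ones exist.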

Flagship Projects

OWASP isn't just documents. It's powerful, free, open-source tools used by millions of security professionals.


OWASP ZAP

Scanner

The world's most widely used web application scanner. It acts as a "man-in-the-middle" proxy between the browser and the target, so it can intercept, modify and fuzz traffic and find vulnerabilities automatically.


OWASP Juice Shop

Training

Probably the most modern and sophisticated insecure web application! A gamified "learning by doing" tool where you hack a fake e-commerce store.


Dependency-Track

Supply Chain

An intelligent component analysis platform that lets organizations identify and reduce risk in the software supply chain by ingesting and managing SBOMs (software bills of materials).


Test Your Knowledge

Can you identify the risks?


What is the #1 vulnerability in the 2021 Top 10?