OWASP (the Open Web Application Security Project) is an international organization committed to enhancing the security of web applications. The project regularly publishes a list of the current top ten web application security risks (vulnerabilities) worldwide. It provides a detailed report on each vulnerability, gives examples, and offers suggestions on how to avoid the risk. The following are the vulnerabilities on its current list, with suggestions on how to avoid them.
- Injection flaws
- Broken authentication and session management
- Cross-site scripting (XSS)
- Insecure direct object references
- Security misconfiguration
- Sensitive data exposure
- Missing function-level access control
- Cross-site request forgery (CSRF)
- Using components that have known vulnerabilities
- Unvalidated redirects and forwards