2018 OWASP Toolkit

We've compiled our top OWASP assets, including blog posts, videos and tip sheets, to keep you "in the know" and help secure your organization against the OWASP Top Ten vulnerabilities.

OWASP Blog Posts

Read the latest about the OWASP Top Ten from our security experts. Some dive deep into the newest vulnerabilities added to the Top Ten this year, while others talk about what makes the OWASP Top Ten still relevant after all these years.

XXE - OWASP's Easily Preventable Newcomer

XML eXternal Entity injection (XXE) is an injection attack that occurs when untrusted XML input referencing an external entity is processed by a weakly configured XML parser. This attack may lead to denial of service, Server Side Request Forgery (SSRF), confidential data disclosure, and other negative impacts. Rather than grouping XXE injection with other injection vulnerabilities (A1), OWASP decided to single this one out and give it the number four spot (A4)...

The OWASP Top Ten 2017 - Movers & Shakers

The OWASP Top 10 has been leveraged by organizations of all sizes and maturity as an informal Web application standard for over a decade. For it to be relevant though, teams applying it need to understand the goal of the project and risk ranking techniques. The goal of the OWASP Top 10 is not necessarily to identify top vulnerabilities or attacks, but to identify the most serious risks for a broad array of organizations. This is an important distinction because... 

OWASP Top Ten: Why it Still Matters

The OWASP Top Ten is an expert consensus of the most critical risks facing web applications and the teams who are developing them. The primary purpose is to raise awareness and provide a framework for prioritizing your application security efforts. You can use the OWASP Top 10 to address the most common attacks and vulnerabilities that expose your organization to attack. Due to the importance of Application Security in reducing overall...

SQL Injection

Another installment of our 2-minute video series, covering SQL Injection tips and tricks.

The New OWASP Top Ten

What Do You Really Need to Know?

Check out our latest tip sheet to learn more about the 3 new vulnerabilities in the Top Ten as well as those pesky incumbents that continue to wreak havoc on code even after all these years. 



Stored XSS Attacks

2-minute video examining Stored XSS Attacks: how they occur and how to prevent them.