OWASP Top Ten | OWASP Foundation
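<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <meta name="description" content="The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.">
  <meta property="og:description" content="The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.">
  <!-- The attribute name must be "property"; it was misspelled, so Open Graph consumers could not read the title. -->
  <meta property="og:title" content="OWASP Top Ten | OWASP Foundation">
  <meta property="og:url" content="https://owasp.org/www-project-top-ten/">
  <meta property="og:locale" content="en_US">
  <!-- should probably look at using article at some point for www-community at least -->
  <meta property="og:type" content="website">
  <meta property="og:image" content="https://owasp.org/www--site-theme/favicon.ico">
  <!--
    NOTE(review): X-Content-Type-Options and X-XSS-Protection are HTTP response
    headers. Browsers do not apply them from a meta http-equiv tag, so the two
    tags below give no protection on their own. Send the headers (together with a
    Content-Security-Policy) from the server or CDN that delivers this page.
  -->
  <meta http-equiv="X-Content-Type-Options" content="nosniff">
  <meta http-equiv="X-XSS-Protection" content="1; mode=block">
  <link rel="canonical" href="https://owasp.org/www-project-top-ten/">

  <!-- Google Analytics -->
  <script src="https://owasp.org/www--site-theme/assets/js/js.cookie.min.js"></script>
  <script>
    // Analytics commands are queued only when the visitor has accepted cookies
    // (the 'cookies-ok' cookie). The first branch also creates the ga() command
    // queue when analytics.js has not defined it yet.
    if (Cookies.get('cookies-ok') == 'true' && window.ga === undefined) {
      window.ga = window.ga || function () { (ga.q = ga.q || []).push(arguments); };
      ga.l = +new Date;
      ga('create', 'UA-4531126-1', 'auto');
      ga('send', 'pageview');
    } else if (Cookies.get('cookies-ok') == 'true') {
      ga('send', 'pageview');
    }

    // Reports an outbound-link click to analytics, but only with cookie consent.
    // When the click landed on a child of the link (event.target has no href),
    // the href is read from the parent element instead.
    function handleOutboundLinkClicks(event) {
      var href = '';
      if (event.target.href == undefined) {
        href = event.target.parentElement.href;
      } else {
        href = event.target.href;
      }
      if (Cookies.get('cookies-ok') == 'true') {
        ga('send', 'event', {
          eventCategory: 'Outbound Link',
          eventAction: 'click',
          eventLabel: href,
          transport: 'beacon'
        });
      }
    }
  </script>
  <!-- NOTE(review): this script is requested whether or not consent was given; only the ga() commands above are gated. -->
  <script async src="https://www.google-analytics.com/analytics.js"></script>
  <!-- End Google Analytics -->

  <link rel="stylesheet" href="https://owasp.org/www--site-theme/assets/css/styles.css">
  <!-- The MIME type for .ico files is image/x-icon (it was written "images/x-icon"). -->
  <link rel="shortcut icon" type="image/x-icon" href="https://owasp.org/www--site-theme/favicon.ico">
  <script src="https://owasp.org/www--site-theme/assets/js/jquery-3.7.1.min.js"></script>
  <script src="https://owasp.org/www--site-theme/assets/js/util.js"></script>
  <script src="https://owasp.org/www--site-theme/assets/js/yaml.min.js"></script>
  <script src="https://owasp.org/www--site-theme/assets/js/kjua.min.js"></script>
  <title>OWASP Top Ten | OWASP Foundation</title>
  <script>
    // Fills every .repo element with an "Edit on GitHub" link to this page's source.
    // Both URL parts are constants; the href is quoted so the attribute stays
    // well-formed if the path ever contains a space or a ">" character.
    $(function () {
      var baseurl = "https://github.com/OWASP/www-project-top-ten/blob/master/";
      var path = "index.md";
      $('.repo').html(
        '<a href="' + baseurl + path + '">' +
        '<div class="reset-3c756112--menuItemIcon-206eb252" style="float: left;">' +
        '<svg preserveAspectRatio="xMidYMid meet" height="1em" width="1em" fill="currentColor" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 438.549 438.549" stroke="none" class="icon-7f6730be--text-3f89f380">' +
        '<g><path d="M409.132 114.573c-19.608-33.596-46.205-60.194-79.798-79.8-33.598-19.607-70.277-29.408-110.063-29.408-39.781 0-76.472 9.804-110.063 29.408-33.596 19.605-60.192 46.204-79.8 79.8C9.803 148.168 0 184.854 0 224.63c0 47.78 13.94 90.745 41.827 128.906 27.884 38.164 63.906 64.572 108.063 79.227 5.14.954 8.945.283 11.419-1.996 2.475-2.282 3.711-5.14 3.711-8.562 0-.571-.049-5.708-.144-15.417a2549.81 2549.81 0 0 1-.144-25.406l-6.567 1.136c-4.187.767-9.469 1.092-15.846 1-6.374-.089-12.991-.757-19.842-1.999-6.854-1.231-13.229-4.086-19.13-8.559-5.898-4.473-10.085-10.328-12.56-17.556l-2.855-6.57c-1.903-4.374-4.899-9.233-8.992-14.559-4.093-5.331-8.232-8.945-12.419-10.848l-1.999-1.431c-1.332-.951-2.568-2.098-3.711-3.429-1.142-1.331-1.997-2.663-2.568-3.997-.572-1.335-.098-2.43 1.427-3.289 1.525-.859 4.281-1.276 8.28-1.276l5.708.853c3.807.763 8.516 3.042 14.133 6.851 5.614 3.806 10.229 8.754 13.846 14.842 4.38 7.806 9.657 13.754 15.846 17.847 6.184 4.093 12.419 6.136 18.699 6.136 6.28 0 11.704-.476 16.274-1.423 4.565-.952 8.848-2.383 12.847-4.285 1.713-12.758 6.377-22.559 13.988-29.41-10.848-1.14-20.601-2.857-29.264-5.14-8.658-2.286-17.605-5.996-26.835-11.14-9.235-5.137-16.896-11.516-22.985-19.126-6.09-7.614-11.088-17.61-14.987-29.979-3.901-12.374-5.852-26.648-5.852-42.826 0-23.035 7.52-42.637 22.557-58.817-7.044-17.318-6.379-36.732 1.997-58.24 5.52-1.715 13.706-.428 24.554 3.853 10.85 4.283 18.794 7.952 23.84 10.994 5.046 3.041 9.089 5.618 12.135 7.708 17.705-4.947 35.976-7.421 54.818-7.421s37.117 2.474 54.823 7.421l10.849-6.849c7.419-4.57 16.18-8.758 26.262-12.565 10.088-3.805 17.802-4.853 23.134-3.138 8.562 21.509 9.325 40.922 2.279 58.24 15.036 16.18 22.559 35.787 22.559 58.817 0 16.178-1.958 30.497-5.853 42.966-3.9 12.471-8.941 22.457-15.125 29.979-6.191 7.521-13.901 13.85-23.131 18.986-9.232 5.14-18.182 8.85-26.84 11.136-8.662 2.286-18.415 4.004-29.263 5.146 9.894 8.562 14.842 22.077 14.842 40.539v60.237c0 3.422 1.19 6.279 3.572 8.562 2.379 2.279 6.136 2.95 11.276 1.995 44.163-14.653 80.185-41.062 108.068-79.226 27.88-38.161 41.825-81.126 41.825-128.906-.01-39.771-9.818-76.454-29.414-110.049z"></path></g></svg>' +
        '<span style="padding-left:8px;">Edit on GitHub</span></div></a>'
      );
    });
  </script>
  <!-- NOTE(review): third-party script loaded without an integrity attribute; self-hosting a pinned copy would allow Subresource Integrity. -->
  <script async defer src="https://buttons.github.io/buttons.js"></script>
</head>
<body class="base-grid col-sidebar">
<div id="blocker"></div>
<noscript>For full functionality of this site it is necessary to enable JavaScript.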
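Here are the <a href="http://turnonjs.com/"> instructions how to enable JavaScript in your web browser</a>.</noscript>
<header role="banner">
  <div id="banner" class="notice" aria-label="announcement"> </div>
  <style>
    #banner img { max-width: 30em; }
    @media (max-width: 1131px) { #banner img { max-width: 30em; } }
    @media (max-width: 800px) { #banner img { max-width: 20em; } }
    @media (max-width: 600px) { #banner img { max-width: 20em; } }
    @media (max-width: 450px) { #banner img { max-width: 250px; } }
  </style>
  <script>
    // Announcement banner. The entries come from a site-hosted YAML file; the entry
    // whose start/end window contains today is shown, otherwise an entry without a
    // start date is used as the default.
    //
    // Security note: the entry's `text` is inserted with .html() and its `type`
    // becomes a CSS class, so banner-data.yml is effectively code that runs on
    // every page. It must only be writable by people trusted to publish script,
    // and it must never be populated from user-submitted content.
    $(function () {
      var bannerdata = [];
      var banneryaml = YAML.load('https://owasp.org/www-project-top-ten/assets/sitedata/banner-data.yml');
      $.each(banneryaml, function () {
        bannerdata.push(this);
      });
      if (bannerdata.length > 0) {
        var htmlstring = "";
        var usebanner = null;
        var defbanner = null;
        var checkdate = new Date(); // local time; only the date is meant to matter
        // NOTE(review): the comparisons below assume the YAML parser returns
        // start/end as Date values; confirm against the data file.
        bannerdata.forEach(data => {
          if (data.start) {
            if (data.start <= checkdate) {
              if (data.end) {
                if (checkdate < data.end) {
                  usebanner = data;
                }
              } else {
                usebanner = data;
              }
            }
          } else {
            defbanner = data;
          }
        });
        if (defbanner && !usebanner) usebanner = defbanner;
        if (usebanner) {
          htmlstring = usebanner.text;
          htmlstring += "<a href='#' id='close-banner' aria-label='close announcement' style='float:right;'><i class='fa fa-times'></i></a>";
          $("#banner").html(htmlstring);
          $("#banner").removeClass("notice");
          $("#banner").addClass(usebanner.type);
          $("#close-banner").click(function (e) {
            // Stop the "#" link from changing the URL and jumping to the top of the page.
            e.preventDefault();
            $(this).closest("#banner").remove();
            // NOTE(review): 'banner-seen' is written here but not read anywhere in
            // this script, unlike 'popup-seen' below; confirm whether that is intended.
            Cookies.set('banner-seen', 'true', { expires: 7 });
          });
        }
      }
    });
  </script>
  <div id="popup" class="notice" aria-label="announcement"> </div>
  <style>
    #banner img { max-width: 30em; }
    @media (max-width: 1131px) { #banner img { max-width: 30em; } }
    @media (max-width: 800px) { #banner img { max-width: 20em; } #popup { visibility: hidden; } }
    @media (max-width: 600px) { #popup { visibility: hidden; } #banner img { max-width: 20em; } }
    @media (max-width: 450px) { #banner img { max-width: 250px; } #popup { visibility: hidden; } }
  </style>
  <script>
    // Popup announcement. Same selection rules and the same trust assumption as
    // the banner: popup-data.yml supplies markup that is inserted with .html().
    // The popup stays hidden once the visitor has dismissed it ('popup-seen'
    // cookie, kept for 7 days).
    $(function () {
      var popdata = [];
      $("#popup").hide();
      var popyaml = YAML.load('https://owasp.org/www-project-top-ten/assets/sitedata/popup-data.yml');
      $.each(popyaml, function () {
        popdata.push(this);
      });
      if (popdata.length > 0) {
        var htmlstring = "";
        var usepop = null;
        var defpop = null;
        var checkdate = new Date(); // local time; only the date is meant to matter
        popdata.forEach(data => {
          if (data.start) {
            if (data.start <= checkdate) {
              if (data.end) {
                if (checkdate < data.end) {
                  usepop = data;
                }
              } else {
                usepop = data;
              }
            }
          } else {
            defpop = data;
          }
        });
        if (defpop && !usepop) usepop = defpop;
        if (usepop) {
          htmlstring = usepop.text;
          htmlstring += "<a href='#' id='close-popup' aria-label='close announcement' style='float:right;'><i class='fa fa-times'></i></a>";
          $("#popup").html(htmlstring);
          $("#popup").removeClass("notice");
          $("#popup").addClass(usepop.type);
          if (Cookies.get('popup-seen') != 'true') {
            $("#popup").show();
          }
          $("#close-popup").click(function (e) {
            // Stop the "#" link from changing the URL and jumping to the top of the page.
            e.preventDefault();
            $(this).closest("#popup").remove();
            Cookies.set('popup-seen', 'true', { expires: 7 });
          });
        }
      }
    });
  </script>
  <div class="header-wrapper" aria-label="main navigation">
    <nav class="alt-nav">
      <a href="#" class="menu-toggler" aria-hidden="true"> <i class="fa fa-bars"></i> </a>
      <a href="https://owasp.org/" class="alt-logo" aria-label="go to homepage"> <img src="https://owasp.org/assets/images/logo.png" alt="OWASP logo"> </a>
      <div id="overlay" class="remove-el"> </div>
      <!-- jekyll menu stuff -->
    </nav>
    <nav class="top-nav" role="navigation" aria-label="primary navigation">
      <a href="https://owasp.org/" class="desktop-logo" aria-label="go to homepage"> <img src="https://owasp.org/assets/images/logo.png" alt=""> </a>
      <!-- jekyll menu stuff -->
      <div id="midmenu" class="top-nav"></div>
      <div class="interactive-wrapper">
        <div class="nav-button" aria-label="donate to or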
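join OWASP">
          <a href="https://owasp.org/store" class="cta-button white inset"><i class="fa fa-shopping-cart" aria-hidden="true"></i> Store</a>
          <a href="https://owasp.org/donate?reponame=www-project-top-ten&title=OWASP+Top+Ten" class="cta-button green">Donate</a>
          <a href="https://owasp.org/membership" class="cta-button">Join</a>
        </div>
      </div>
    </nav>
    <div id='disclaimer-container'>
      <div id="disclaimer">
        <p>This website uses cookies to analyze our traffic and only share that information with our analytics partners.</p><a class="disclaimerOK">Accept</a>
      </div>
      <div id="close-disclaimer">x</div>
    </div>
  </div>
  <div class="mobile" style="width:100%;display: flex; justify-content: space-evenly;align-items: center;padding: 8px; background-color: #98afc7;">
    <div><a href="https://owasp.org/store" class="cta-button white inset"><i class="fa fa-shopping-cart" aria-hidden="true"></i>Store</a></div>
    <div><a href="https://owasp.org/donate?reponame=www-project-top-ten&title=OWASP+Top+Ten" class="cta-button green">Donate</a></div>
    <div><a href="https://owasp.org/membership" class="cta-button">Join</a></div>
  </div>
  <script>
    // Builds the desktop menu (#midmenu) and the mobile menu (inserted after
    // #overlay) from the theme's menus.json.
    $(function () {
      // Send visitors on the legacy "www2." host to the same URL on the canonical
      // host. Only the hostname is inspected: the earlier check looked for "www2"
      // anywhere in the full URL and removed the first "www2" plus one arbitrary
      // character, which rewrote unrelated paths and query strings.
      var host = window.location.hostname;
      if (host.indexOf('www2.') === 0) {
        window.location.hostname = host.substring('www2.'.length);
        return;
      }

      // this works to get data from a json file NOT in data
      //
      // Security note: url and title values are concatenated into markup without
      // escaping, and titles are expected to carry markup (issearch() looks for an
      // icon class inside the title). menus.json must therefore be treated as
      // trusted code and kept out of reach of user-supplied content.
      $.getJSON("https://owasp.org/www--site-theme/assets/sitedata/menus.json", function (data) {
        var listr = "<ul aria-label='header menu'>";
        var mlistr = "<ul class='mobile-menu hide-el' role='navigation' aria-label='mobile primary navigation'>";
        mlistr += "<li><a href='#' class='menu-toggler' aria-hidden='true'><i class='fa fa-times'></i></a></li>";
        mlistr += "<li>";
        mlistr += "<form role='search' method='get' action='https://owasp.org/search'>";
        mlistr += "<div class='search-div'>";
        mlistr += "<input id='searchString' aria-label='search input' name='searchString' class='search-bar' type='search' placeholder='Search OWASP.org' required='true'>";
        mlistr += "<button id='search-button' aria-label='search button' type='submit' class='fa fa-search' style='padding-left: 8px;'></button></div></form>";
        mlistr += "</li>";

        $.each(data.menus, function (ndx, menu) {
          listr += "<li><a href='" + menu.url + "'>" + menu.title + "</a>";
          // The search entry is shown in the desktop menu only; the mobile menu
          // has its own search form (added above).
          var searchitem = issearch(menu.title);
          if (!menu.items && !searchitem) {
            mlistr += "<li><a href='" + menu.url + "'>" + menu.title + "</a>";
          }
          if (menu.items) {
            listr += "<ul class='dropdown-menu'>";
            if (!searchitem) {
              mlistr += "<button class='accordion'>" + menu.title + "</button>";
              mlistr += "<div class='panel'>";
              mlistr += "<ul>";
            }
            $.each(menu.items, function (ndx, item) {
              if (item.separator) {
                listr += "<li class='separator'>";
                if (!searchitem) mlistr += "<li class='separator'>";
              } else {
                listr += "<li>";
                if (!searchitem) mlistr += "<li>";
              }
              listr += "<a href='" + item.url + "'";
              if (!searchitem) mlistr += "<a href='" + item.url + "'";
              if (item.opentab) {
                // New-tab links drop the opener reference and the referrer.
                listr += " target='_blank' rel='noopener noreferrer'";
                if (!searchitem) mlistr += " target='_blank' rel='noopener noreferrer'";
              }
              listr += ">" + item.title + "</a></li>";
              if (!searchitem) mlistr += ">" + item.title + "</a></li>";
            });
            listr += "</ul>";
            if (!searchitem) {
              mlistr += "</ul>";
              mlistr += "</div>";
            }
          }
          listr += "</li>";
          if (!searchitem) mlistr += "</li>";
        });

        listr += "</ul>";
        mlistr += "<li><a href='https://owasp.org/donate'>MAKE A DONATION</a></li>";
        mlistr += "<li><a href='https://owasp.org/membership'>BECOME A MEMBER</a></li>";
        mlistr += "<li><a href='https://owasp.org/sitemap'>SITEMAP</a></li>";
        mlistr += "</ul>";

        //$('.desktop-logo').after(listr);
        $('#midmenu').html(listr);
        $('#overlay').after(mlistr);

        // Mobile accordion: toggle the panel that follows the clicked button.
        $(".accordion").click(function () {
          $(this).toggleClass("active");
          var panel = $(this).next('.panel');
          if (panel.css('display') == 'block') {
            panel.css('display', 'none');
          } else {
            panel.css('display', 'block');
          }
        });
        $(".menu-toggler").click(function () {
          $(".mobile-menu").toggleClass('hide-el');
        });
      });
    });

    // True when a menu title contains the search icon class, i.e. it is the search entry.
    function issearch(title) {
      return title.indexOf('fa fa-search') > -1;
    }
  </script>
</header>
<main role="main">
<div class="main-wrapper">
  <nav class="sub-nav" role="navigation" aria-label="navigate page tabs">
    <ul role="tablist">
      <li> <a href="#div-main" id="main-link" class="tab-link current" role="tab" aria-selected="true" aria-controls="main">Main</a> </li>
      <li> <a href="#div-translation_efforts" id="translation_efforts-link" class="tab-link" role="tab" aria-selected="false" aria-controls="translation_efforts">Translation Efforts</a> </li>
      <li> <a href="#div-sponsors" id="sponsors-link" class="tab-link" role="tab" aria-selected="false" aria-controls="sponsors">Sponsors</a> </li>
      <li> <a href="#div-data_2025" id="data_2025-link" class="tab-link" role="tab" aria-selected="false" aria-controls="data_2025">Data 2025</a> </li>
    </ul>
  </nav>
  <script>
    // Maps a tab link's id ("main-link") to the selector of its section ("#sec-main").
    function tabSectionSelector(link) {
      return '#sec-' + $(link).attr('id').toLowerCase().replace('-link', '');
    }

    // On load, open the tab named in the URL fragment ("#div-<tab>").
    // The fragment comes from the URL and is therefore untrusted: it is accepted
    // only when it matches a strict pattern and names an existing tab link, so
    // arbitrary fragment text never reaches a jQuery selector and a bad fragment
    // leaves the default tab visible instead of hiding every section.
    $(function () {
      var match = /^#div-([A-Za-z0-9_-]+)$/.exec(window.location.hash);
      if (!match) {
        return;
      }
      var tab = match[1];
      var $link = $('#' + tab + '-link');
      if ($link.length === 0 || !$link.hasClass('tab-link')) {
        return;
      }
      $('.tab-link').each(function () {
        $(tabSectionSelector(this)).addClass('tab-hidden');
        $(this).removeClass('current');
      });
      $('#sec-' + tab).removeClass('tab-hidden');
      $link.addClass('current');
    });

    // Clicking a tab hides every section and shows the one that belongs to it.
    $('.tab-link').click(function (e) {
      e.preventDefault();
      $('.tab-link').each(function () {
        $(this).removeClass('current');
        $(tabSectionSelector(this)).addClass('tab-hidden');
      });
      $(this).addClass('current');
      $(tabSectionSelector(this)).removeClass('tab-hidden');
      return false;
    });
  </script>
  <h1 class="page-title">OWASP Top Ten</h1>
  <div id="main" class="page-body tab" role="tabpanel" aria-labelledby="main-link" tabindex="0">
  <section id='sec-main' class='page-body'>
  <h2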
id="important-note">Important note:</h2> <h3 id="owasp-top-ten-2025">OWASP Top Ten 2025</h3> <p>Current project status as of September 2024:</p> <ul> <li>We are planning to announce the release of the <strong>OWASP Top 10:2025</strong> in the first half of 2025.</li> <li><strong>Data Collection (Now - December 2024)</strong>: Please donate your application penetration testing statistics.</li> </ul> <p><a href="https://www.owasptopten.org/">Stay Tuned!</a></p> <hr /> <p>The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.</p> <p class="callout-mono right">Globally recognized by developers as the first step towards more secure coding.</p> <p>Companies should adopt this document and start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.<br /> <br /></p> <h2 id="top-10-web-application-security-risks">Top 10 Web Application Security Risks</h2> <p>There are three new categories, four categories with naming and scoping changes, and some consolidation in the Top 10 for 2021.</p> <p><img src="/www-project-top-ten/assets/images/mapping.png" alt="Mapping" /></p> <ul> <li><a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/"><strong>A01:2021-Broken Access Control</strong></a> moves up from the fifth position; 94% of applications were tested for some form of broken access control. 
The 34 Common Weakness Enumerations (CWEs) mapped to Broken Access Control had more occurrences in applications than any other category.</li> <li><a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/"><strong>A02:2021-Cryptographic Failures</strong></a> shifts up one position to #2, previously known as Sensitive Data Exposure, which was a broad symptom rather than a root cause. The renewed focus here is on failures related to cryptography, which often lead to sensitive data exposure or system compromise.</li> <li><a href="https://owasp.org/Top10/A03_2021-Injection/"><strong>A03:2021-Injection</strong></a> slides down to the third position. 94% of the applications were tested for some form of injection, and the 33 CWEs mapped into this category have the second most occurrences in applications. Cross-site Scripting is now part of this category in this edition.</li> <li><a href="https://owasp.org/Top10/A04_2021-Insecure_Design/"><strong>A04:2021-Insecure Design</strong></a> is a new category for 2021, with a focus on risks related to design flaws. If we genuinely want to “move left” as an industry, it calls for more use of threat modeling, secure design patterns and principles, and reference architectures.</li> <li><a href="https://owasp.org/Top10/A05_2021-Security_Misconfiguration/"><strong>A05:2021-Security Misconfiguration</strong></a> moves up from #6 in the previous edition; 90% of applications were tested for some form of misconfiguration. With more shifts into highly configurable software, it’s not surprising to see this category move up. The former category for XML External Entities (XXE) is now part of this category.</li> <li><a href="https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/"><strong>A06:2021-Vulnerable and Outdated Components</strong></a> was previously titled Using Components with Known Vulnerabilities and is #2 in the Top 10 community survey, but also had enough data to make the Top 10 via data analysis.
This category moves up from #9 in 2017 and is a known issue that we struggle to test and assess risk for. It is the only category not to have any Common Vulnerabilities and Exposures (CVEs) mapped to the included CWEs, so default exploit and impact weights of 5.0 are factored into its scores.</li> <li><a href="https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/"><strong>A07:2021-Identification and Authentication Failures</strong></a> was previously Broken Authentication and is sliding down from the second position, and now includes CWEs that are more related to identification failures. This category is still an integral part of the Top 10, but the increased availability of standardized frameworks seems to be helping.</li> <li><a href="https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/"><strong>A08:2021-Software and Data Integrity Failures</strong></a> is a new category for 2021, focusing on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. It has one of the highest weighted impacts from Common Vulnerabilities and Exposures/Common Vulnerability Scoring System (CVE/CVSS) data mapped to the 10 CWEs in this category. Insecure Deserialization from 2017 is now a part of this larger category.</li> <li><a href="https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/"><strong>A09:2021-Security Logging and Monitoring Failures</strong></a> was previously Insufficient Logging &amp; Monitoring and is added from the industry survey (#3), moving up from #10 previously. This category is expanded to include more types of failures, is challenging to test for, and isn’t well represented in the CVE/CVSS data.
However, failures in this category can directly impact visibility, incident alerting, and forensics.</li> <li><a href="https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/"><strong>A10:2021-Server-Side Request Forgery</strong></a> is added from the Top 10 community survey (#1). The data shows a relatively low incidence rate with above average testing coverage, along with above-average ratings for Exploit and Impact potential. This category represents the scenario where the security community members are telling us this is important, even though it’s not illustrated in the data at this time.</li> </ul> </section> <section id='sec-translation_efforts' class='page-body tab-hidden'> <hr /> <h1 id="translation-efforts">Translation Efforts</h1> <p>Efforts have been made in numerous languages to translate the OWASP Top 10 - 2021. If you are interested in helping, please contact the members of the team for the language you are interested in contributing to, or if you don’t see your language listed (neither here nor at <a href="https://github.com/OWASP/Top10/issues?utf8=%E2%9C%93&q=is%3Aissue">github</a>), please email <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="81eef6e0f2f1acf5eef1f5e4efc1ede8f2f5f2afeef6e0f2f1afeef3e6">[email protected]</a> to let us know that you want to help and we’ll form a volunteer group for your language. 
We have compiled this <a href="https://github.com/OWASP/Top10/tree/master/2021#translating-the-owasp-top-10-2021">readme</a> with some hints to help you with your translation.</p> <h3 id="top102021-completed-translations">Top10:2021 Completed Translations:</h3> <ul> <li><a href="https://owasp.org/Top10/ar/"><b>ar - العربية</b></a></li> <li><a href="https://owasp.org/Top10/es/"><b>es - Español</b></a></li> <li><a href="https://owasp.org/Top10/fr/"><b>fr - Français</b></a></li> <li><a href="https://owasp.org/Top10/id/"><b>id - Indonesian</b></a></li> <li><a href="https://owasp.org/Top10/it/"><b>it - Italiano</b></a></li> <li><a href="https://owasp.org/Top10/ja/"><b>ja - 日本語</b></a></li> <li><a href="https://owasp.org/Top10/pt_BR/"><b>pt_BR - Português (Brasil)</b></a></li> <li><a href="https://owasp.org/Top10/zh_CN/"><b>zh_CN - 简体中文</b></a></li> <li><a href="https://owasp.org/Top10/zh_TW/"><b>zh_TW - 繁體中文</b></a></li> </ul> <h2 id="historic">Historic:</h2> <h3 id="top102017-completed-translations">Top10:2017 Completed Translations:</h3> <ul> <li><b>Chinese:</b> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP_Top_10_2017_%E4%B8%AD%E6%96%87%E7%89%88v1.3.pdf">OWASP Top 10-2017 - 中文版(PDF)</a><br /> <ul> <li>项目组长:<a href="https://wiki.owasp.org/index.php/User:Jie_Wang">王颉</a>(<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="fc8b9d929b96bc938b9d8f8cd2938e9bd29f92">[email protected]</a>)</li> <li>翻译人员:陈亮、王厚奎、王颉、王文君、王晓飞、吴楠、徐瑞祝、夏天泽、杨璐、张剑钟、赵学文(排名不分先后,按姓氏拼音排列)</li> <li>审查人员:Rip、包悦忠、李旭勤、杨天识、张家银(排名不分先后,按姓氏拼音排列)</li> <li>汇编人员:赵学文</li> </ul> </li> <li><b>French:</b> <a href="https://github.com/OWASP/Top10/tree/master/2017/fr">OWASP Top 10 2017 in French (Git/Markdown)</a></li> <li><b>German:</b> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP_Top_10-2017_de_V1.0.pdf">OWASP Top 10 2017 in German V1.0 (Pdf)</a> <a href="2017/de/">(web pages)</a><br />compiled by Christian Dresen, Alexios Fakos, Louisa Frick, Torsten
Gigler, Tobias Glemser, Dr. Frank Gut, Dr. Ingo Hanke, Dr. Thomas Herzog, Dr. Markus Koegel, Sebastian Klipper, Jens Liebau, Ralf Reinhardt, Martin Riedel, Michael Schaefer</li> <li><b>Hebrew:</b> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP-Top-10-2017-he.pdf">OWASP Top 10-2017 - Hebrew (PDF)</a> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP-Top-10-2017-he.pptx">(PPTX)</a><br />translated by Eyal Estrin (Twitter: @eyalestrin) and Omer Levi Hevroni (Twitter: @omerlh).</li> <li><b>Japanese:</b> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP_Top_10-2017%28ja%29.pdf">OWASP Top 10-2017 - 日本語版 (PDF)</a><br /> translated and reviewed by Akitsugu ITO, Albert Hsieh, Chie TAZAWA, Hideko IGARASHI, Hiroshi TOKUMARU, Naoto KATSUMI, Riotaro OKADA, Robert DRACEA, Satoru TAKAHASHI, Sen UENO, Shoichi NAKATA, Takanori NAKANOWATARI ,Takanori ANDO, Tomohiro SANAE.</li> <li><b>Korean:</b> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP_Top_10-2017-ko.pdf">OWASP Top 10-2017 - 한글 (PDF)</a> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP_Top_10-2017-ko.pptx">(PPTX)</a><br /> 번역 프로젝트 관리 및 감수 : 박형근(Hyungkeun Park) / 감수(ㄱㄴㄷ순) : 강용석(YongSeok Kang), 박창렴(Park Changryum), 조민재(Johnny Cho) / 편집 및 감수 : 신상원(Shin Sangwon) / 번역(ㄱㄴㄷ순) : 김영하(Youngha Kim), 박상영(Sangyoung Park), 이민욱(MinWook Lee), 정초아(JUNG CHOAH), 조광렬(CHO KWANG YULL), 최한동(Handong Choi)</li> <li><b>Portuguese:</b> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP_Top_10-2017-pt_pt.pdf">OWASP Top 10 2017 - Portuguese (PDF)</a> <a href="https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010-2017-pt_pt.odp">(ODP)</a><br /> translated by Anabela Nogueira, Carlos Serrão, Guillaume Lopes, João Pinto, João Samouco, Kembolle A. Oliveira, Paulo A. 
Silva, Ricardo Mourato, Rui Silva, Sérgio Domingues, Tiago Reis, Vítor Magano.</li> <li><b>Russian:</b> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP Top 10-2017-ru.pdf">OWASP Top 10-2017 - на русском языке (PDF)</a><br /> translated and reviewed by JZDLin (<a href="https://github.com/JZDLin">@JZDLin</a>), Oleksii Skachkov (<a href="https://github.com/hamster4n">@hamster4n</a>), Ivan Kochurkin (<a href="https://github.com/KvanTTT">@KvanTTT</a>) and <a href="https://wiki.owasp.org/index.php/User:Taras_Ivashchenko">Taras Ivashchenko</a></li> <li><b>Spanish:</b> <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP-Top-10-2017-es.pdf">OWASP Top 10-2017 - Español (PDF)</a><br /> <ul> <li><a href="https://wiki.owasp.org/index.php/User:Gerardo_Canedo">Gerardo Canedo</a>(<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="195e7c6b786b7d76375a78777c7d7659766e786a6937766b7e">[email protected]</a> - [Twitter: @GerardoMCanedo])</li> <li><a href="https://wiki.owasp.org/index.php/User:Cristian_Borghello">Cristian Borghello</a>(<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="9eddecf7edeaf7fff0b0dcf1ecf9f6fbf2f2f1def1e9ffedeeb0f1ecf9">[email protected]</a> - [Twitter: @seguinfo])</li> </ul> </li> </ul> <h3 id="top102017-release-candidate-translation-teams">Top10:2017 Release Candidate Translation Teams:</h3> <ul> <li>Azerbaijanian: Rashad Aliyev (<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f98b988a91989db99895909c8fd790979f96">[email protected]</a>) <!-- * Chinese RC1:Rip、包悦忠、顾凌志、王颉、王厚奎、王文君、吴楠、夏天泽、夏玉明、杨天识、袁明坤、张镇(排名不分先后,按姓氏拼音排列) [OWASP Top10 2017 RC1 - Chinese PDF](https://www.owasp.org/images/8/8f/OWASP_Top_10_2017(RC1)中文版(V1.0).pdf) --></li> <li>Chinese RC2:Rip、包悦忠、李旭勤、王颉、王厚奎、吴楠、徐瑞祝、夏天泽、张家银、张剑钟、赵学文(排名不分先后,按姓氏拼音排列) <a 
href="https://www.owasp.org/images/d/d6/OWASP_Top_10_2017%EF%BC%88RC2%EF%BC%89%E4%B8%AD%E6%96%87%E7%89%88%EF%BC%88%E5%8F%91%E5%B8%83%E7%89%88%EF%BC%89.pdf">OWASP Top10 2017 RC2 - Chinese PDF</a></li> <li>French: Ludovic Petit: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e9a59c8d869f808ac7b98c9d809da9869e889a99c7869b8e">[email protected]</a>, Sébastien Gioria: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e1b2848380929588848fcfa6888e938880a18e96809291cf8e9386">[email protected]</a>.</li> <li>Others to be listed.</li> </ul> <h3 id="top102013-completed-translations">Top10:2013 Completed Translations:</h3> <ul> <li>Arabic: <a href="https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf">OWASP Top 10 2013 - Arabic PDF</a><br />Translated by: Mohannad Shahat: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="8bc6e4e3eae5e5eaefa5d8e3eae3eaffcbe4fceaf8fba5e4f9ec">[email protected]</a>, Fahad: @SecurityArk, Abdulellah Alsaheel: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="97f4e4b9e4f6fff2f2fbd7f0faf6fefbb9f4f8fa">[email protected]</a>, Khalifa Alshamsi: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3d76554e0c0b0c057d5a505c5451135e5250">[email protected]</a> and Sabri(KING SABRI): <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="53383a3d347d203231213a13343e323a3f7d303c3e">[email protected]</a>, Mohammed Aldossary: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="c8a5a7a0a9a5a5adace6a9a4aca7bbbba9bab188a7bfa9bbb8e6a7baaf">[email protected]</a></li> <li>Chinese 2013:中文版2013 <a href="https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf">OWASP Top 10 2013 - Chinese (PDF)</a>.<br />项目组长: Rip、王颉, 参与人员: 陈亮、 顾庆林、 胡晓斌、 李建蒙、 王文君、 杨天识、 张在峰</li> <li>Czech 2013: <a href="https://www.owasp.org/images/f/f3/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pdf">OWASP Top 10 2013 - Czech (PDF)</a> <a 
href="https://www.owasp.org/images/0/02/OWASP_Top_10_-_2013_Final_-_Czech_V1.1.pptx">OWASP Top 10 2013 - Czech (PPTX)</a><br />CSIRT.CZ - CZ.NIC, z.s.p.o. (.cz domain registry): Petr Zavodsky: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="95e5f0e1e7bbeff4e3faf1e6feecd5fae2f4e6e5bbfae7f2">[email protected]</a>, Vaclav Klimes, Zuzana Duracinska, Michal Prokop, Edvard Rejthar, Pavel Basta</li> <li>French 2013: <a href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202013%20-%20French.pdf">OWASP Top 10 2013 - French PDF</a><br />Ludovic Petit: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2b675e4f445d4248057b4e5f425f6b445c4a585b0544594c">[email protected]</a>, Sébastien Gioria: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="cb98aea9aab8bfa2aea5e58ca2a4b9a2aa8ba4bcaab8bbe5a4b9ac">[email protected]</a>, Erwan Abgrall: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0b6c3f673f6f7962664b6c666a626725686466">[email protected]</a>, Benjamin Avet: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ef8d8a81858e828681c18e998a9baf88828e8683c18c8082">[email protected]</a>, Jocelyn Aubert: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e983868a8c859087c7889c8b8c9b9da9869e889a99c7869b8e">[email protected]</a>, Damien Azambour: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5d393c30343833733c273c303f32282f3a1d322a3c2e2d73322f3a">[email protected]</a>, Aline Barthelemy: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="afcec3c6c1ca81cdcedddbc7cac3cac2d6efc9dd81cecdcd81ccc0c2">[email protected]</a>, Moulay Abdsamad Belghiti: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="96f7f4f2e5f7fbf7f2b8f4f3faf1feffe2ffd6f1fbf7fffab8f5f9fb">[email protected]</a>, Gregory Blanc: <a
href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e4839681838b969dca8688858a87a48389858d88ca878b89">[email protected]</a>, Clément Capel: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0467686169616a702a6765746168447762762a676b69">[email protected]</a>, Etienne Capgras: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="11546578747f7f743f7270617663706251627e7d64727e7c3f7763">[email protected]</a>, Julien Cayssol: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3a504f56535f547a5b4b4d4014595557">[email protected]</a>, Antonio Fontes: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1978776d76777076377f76776d7c6a59766e786a6937766b7e">[email protected]</a>, Ely de Travieso: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5b1e3722753f3e2f293a2d323e28341b342c3a282b7534293c">[email protected]</a>, Nicolas Grégoire: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="a2cccbc1cdcec3d18cc5d0c7c5cdcbd0c7e2c3c5c3d0d0cb8cc4d0">[email protected]</a>, Valérie Lasserre: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0274636e67706b672c6e6371716770706742656f7a2c6470">[email protected]</a>, Antoine Laureau: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="eb8a859f8482858ec5878a9e998e8a9eab849c8a989bc584998c">[email protected]</a>, Guillaume Lopes: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ee82819e8b9dc0899b8782828f9b838bae889c8b8bc0889c">[email protected]</a>, Gilles Morain: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="22454b4e4e47510c4f4d50434b4c62454f434b4e0c414d4f">[email protected]</a>, Christophe Pekar: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f19299839882859e819994df81949a9083b19e86908281df9e8396">[email protected]</a>, Olivier Perret: <a href="/cdn-cgi/l/email-protection" 
class="__cf_email__" data-cfemail="ec9c899e9e89989fac8a9e8989c28a9e">[email protected]</a>, Michel Prunet: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="91fcf8f2f9f4fdbfe1e3e4fff4e5d1fee6f0e2e1bffee3f6">[email protected]</a>, Olivier Revollat: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="116374677e7d7d706551767c70787d3f727e7c">[email protected]</a>, Aymeric Tabourin: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="6001190d051209034e1401020f1512090e200f12010e07054e030f0d">[email protected]</a></li> <li>German 2013: <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASP_Top_10_2013_DE_Version_1_0.pdf">OWASP Top 10 2013 - German PDF</a><br /><a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="30445f400100705f475143401e5455">[email protected]</a> which is Frank Dölitzscher, Torsten Gigler, Tobias Glemser, Dr. Ingo Hanke, Thomas Herzog, <a href="https://wiki.owasp.org/index.php/User:Kai_Jendrian">Kai Jendrian</a>, <a href="https://wiki.owasp.org/index.php/User:Ralf_Reinhardt">Ralf Reinhardt</a>, Michael Schäfer</li> <li>Hebrew 2013: <a href="https://wiki.owasp.org/index.php/OWASP_Top10_Hebrew">OWASP Top 10 2013 - Hebrew</a> <a href="https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf">PDF</a><br />Translated by: Or Katz, Eyal Estrin, Oran Yitzhak, Dan Peled, Shay Sivan.</li> <li>Italian 2013: <a href="https://www.owasp.org/images/c/c9/OWASP_Top_10_-_2013_-_Italiano.pdf">OWASP Top 10 2013 - Italian PDF</a><br />Translated by: Michele Saporito: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ea87c4998b9a8598839e85ddaa8d878b8386c4898587">[email protected]</a>, Paolo Perego: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3c4854594f4c0c525b597c534b5d4f4c12534e5b">[email protected]</a>, Matteo Meucci: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" 
data-cfemail="1974786d6d7c7637747c6c7a7a7059766e786a6937766b7e">[email protected]</a>, Sara Gallo: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bccfddcedd92dbddd0d0d3fcdbd1ddd5d092dfd3d1">[email protected]</a>, Alessandro Guido: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2e4f424b566e5d4b4d5b5c475a574f4a4a474d5a4b4a004d4143">[email protected]</a>, Mirko Guido Spezie: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="365b5f445d597652574f43185f42">[email protected]</a>, Giuseppe Di Cesare: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="55323c2026302525307b313c3630263427301534393c36307b3c21">[email protected]</a>, Paco Schiaffella: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="8cffefe4e5edeaeae9e0e0edccebe1ede5e0a2efe3e1">[email protected]</a>, Gianluca Grasso: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="385f5159565c574d785f55595154165b5755">[email protected]</a>, Alessio D’Ospina: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="4928252c3a3a20262d263a092e24282025672a2624">[email protected]</a>, Loredana Mancini: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="80eceff2e5e4e1eee1aeede1eee3e9eee9c0e2f5f3e9eee5f3f3ade5aee9f4">[email protected]</a>, Alessio Petracca: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="43222f2630302a2c6d332637312220202203242e222a2f6d202c2e">[email protected]</a>, Giuseppe Trotta: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="17707e6263657863637657707a767e7b3974787a">[email protected]</a>, Simone Onofri: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="196a707476777c377677767f6b70597e74787075377a7674">[email protected]</a>, Francesco Cossu: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1a727b77786f79717f685a7d777b737634797577">[email 
protected]</a>, Marco Lancini: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ea878b988985c4868b8489838483c48786aa8d878b8386c4898587">[email protected]</a>, Stefano Zanero: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="691308070c1b06290c050c1d4719060500040047001d">[email protected]</a>, Giovanni Schmid: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="63040a0c15020d0d0a4d10000b0e0a07230d024d0a0002114d000d114d0a17">[email protected]</a>, Igor Falcomata’: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="264d49444766554f4d5354435c5c4708495441">[email protected]</a></li> <li>Japanese 2013: <a href="https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf">OWASP Top 10 2013 - Japanese PDF</a><br />Translated by: Chia-Lung Hsieh: ryusuke.tw(at)gmail.com, Reviewed by: Hiroshi Tokumaru, Takanori Nakanowatari</li> <li>Korean 2013: <a href="https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf">OWASP Top 10 2013 - Korean PDF</a> (이름가나다순)<br />김병효:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="47253e283229202f3e28692c2e2a07283026343769283520">[email protected]</a>, 김지원:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7e1417091110501517133e11091f0d0e50110c50150c">[email protected]</a>, 김효근:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e78c869392958ea78c869392958ec98c95">[email protected]</a>, 박정훈:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="a4dcc1c8cdcbcae4c3c9c5cdc88ac7cbc9">[email protected]</a>, 성영모:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="fb82948e959c9694d5889e94959cbb948c9a888bd59489d59089">[email protected]</a>, 성윤기:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e49d918a81ca97918a83a48b93859794ca8b9683">[email protected]</a>, 송보영:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" 
data-cfemail="4f2d2036203a2128613c2021280f20382e3c3f61203d61243d">[email protected]</a>, 송창기:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="dcbabdbfa8b3aeeb9cb2bdaab9aef2bfb3b1">[email protected]</a>, 유정호:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="6502170c150d0c165252250208040c094b060a08">[email protected]</a>, 장상민:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0172606f666c686f2f6b606f66416e766072712f6e732f6a73">[email protected]</a>, 전영재:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="aed7c1dbc0c9c4cfcb80c4cbc1c0eec1d9cfddde80c1dcc9">[email protected]</a>, 정가람:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3d495a5e5c4f4f52497d5a505c5451135e5250">[email protected]</a>, 정홍순:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="f993918acecbc1b99e94989095d79a9694">[email protected]</a>, 조민재:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bcd6d3d4d2d2c592dfd4d3fcd3cbddcfcc92d3cedb">[email protected]</a>,허성무:<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2c455f5f45415c40494249586c4b414d4540024f4341">[email protected]</a></li> <li>Brazilian Portuguese 2013: <a href="https://torage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf">OWASP Top 10 2013 - Brazilian Portuguese PDF</a><br />Translated by: Carlos Serrão, Marcio Machry, Ícaro Evangelista de Torres, Carlo Marcelo Revoredo da Silva, Luiz Vieira, Suely Ramalho de Mello, Jorge Olímpia, Daniel Quintão, Mauro Risonho de Paula Assumpção, Marcelo Lopes, Caio Dias, Rodrigo Gularte</li> <li>Spanish 2013: <a href="https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf">OWASP Top 10 2013 - Spanish PDF</a><br />Gerardo Canedo: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" 
data-cfemail="294e4c5b485b4d46074a48474c4d4669465e485a5907465b4e">[email protected]</a>, Jorge Correa: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="98f2f9fbf7eaeafdf9f5d8fff5f9f1f4b6fbf7f5">[email protected]</a>, Fabien Spychiger: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="422423202b272c6c31323b212a2b25273002263027232f2e23206c2c2736">[email protected]</a>, Alberto Hill: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="12737e707760667d3c76737c7b777e3c7a7b7e7e52757f737b7e3c717d7f">[email protected]</a>, Johnatan Stanley: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="513b3e393f3025303f222511363c30383d7f323e3c">[email protected]</a>, Maximiliano Alonzo: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="8ee3efe2e1e0f4e1cefae7eca0ede1e3a0fbf7">[email protected]</a>, Mateo Martinez: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="91fcf0e5f4febffcf0e3e5f8fff4ebd1fee6f0e2e1bffee3f6">[email protected]</a>, David Montero: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="620603140b064c0f0d0c1607100d220d150311124c0d1005">[email protected]</a>, Rodrigo Martinez: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="a8dac7ccc5c9dadce8cec1c6cf86cdccdd86ddd1">[email protected]</a>, Guillermo Skrilec: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="7215071b1e1e17001f1d5c0119001b1e1711321d051301025c1d0015">[email protected]</a>, Felipe Zipitria: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="e284878e8b9287cc988b928b96908b83a28d95839192cc8d9085">[email protected]</a>, Fabien Spychiger: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="85e3e4e7ece0ebabf6f5fce6edece2e0f7c5e1f7e0e4e8e9e4e7abebe0f1">[email protected]</a>, Rafael Gil: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" 
data-cfemail="2351424542464f0d444a4f4f42514a4c50634c544250530d4c5144">[email protected]</a>, Christian Lopez: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="cdaea5bfa4beb9a4aca3e3a1a2bda8b7e3a0acbfb9a4a38da2baacbebde3a2bfaa">[email protected]</a>, jonathan fernandez <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="b8d2d7d6d9ccd0d9d696deddcad6d9d6dcddc2888cf8dfd5d9d1d496dbd7d5">[email protected]</a>, Paola Rodriguez: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5101303e3d300e03601127342338373e3f347f323e3c">[email protected]</a>, Hector Aguirre: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3e565b5d4a514c105f504a51505751105f594b574c4c5b7e51495f4d4e10514c59">[email protected]</a>, Roger Carhuatocto: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="55273634273d2034213a36213a153c3b213c2d7b3c3b333a">[email protected]</a>, Juan Carlos Calderon: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="acc6c3c4c2cfcfdeecd5cdc4c3c382cfc3c1">[email protected]</a>, Marc Rivero López: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d6bba4bfa0b3a4b9bab9a6b3ac96b1bbb7bfbaf8b5b9bb">[email protected]</a>, Carlos Allendes: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="34575546585b471a555858515a505147745b435547441a5b4653">[email protected]</a>, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="6307020d0a060f230002111106110c4d000f">[email protected]</a>: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="86e2e7e8efe3eac6e5e7f4f4e3f4e9a8e5ea">[email protected]</a>, Manuel Ramírez: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="81ece0eff4e4edaff3e0ece8f3e4fbaff2c1e6ece0e8edafe2eeec">[email protected]</a>, Marco Miranda: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" 
data-cfemail="3a575b485955145753485b545e5b7a554d5b494a1455485d">[email protected]</a>, Mauricio D. Papaleo Mayada: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="1a776a7b6a7b767f755a7d777b737634797577">[email protected]</a>, Felipe Sanchez: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="dcbab9b0b5acb9f2afbdb2bfb4b9a69cacb9aeb5a8bdb6b9afb5b2bab3aeb1bda8b5bfb3aff2bfb0">[email protected]</a>, Juan Manuel Bahamonde: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d4bea1b5bab9b5baa1b1b8fab6b5bcb5b9bbbab0b194b3b9b5bdb8fab7bbb9">[email protected]</a>, Adrià Massanet: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="28494c5a414945495b5b49464d5c684f45494144064b4745">[email protected]</a>, Jorge Correa: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="83e9e2e0ecf1f1e6e2eec3e4eee2eaefade0ecee">[email protected]</a>, Ramiro Pulgar: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="681a0905011a0746181d040f091a28071f091b1846071a0f">[email protected]</a>, German Alonso Suárez Guerrero: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d5b2b0a7b8b4bbfba6a0b4a7b0af95baa2b4a6a5fbbaa7b2">[email protected]</a>, Jose A. 
Guasch: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5832393f2d392b3b30183f35393134763b3735">[email protected]</a>, Edgar Salazar: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="c7a2a3a0a6b5e9b4a6aba6bda6b587a8b0a6b4b7e9a8b5a0">[email protected]</a></li> <li>Ukrainian 2013: <a href="https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf">OWASP Top 10 2013 - Ukrainian PDF</a><br />Kateryna Ovechenko, Yuriy Fedko, Gleb Paharenko, Yevgeniya Maskayeva, Sergiy Shabashkevich, Bohdan Serednytsky</li> </ul> <h3 id="2010-completed-translations">2010 Completed Translations:</h3> <ul> <li>Korean 2010: <a href="https://torage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202010%20Korean.pdf">OWASP Top 10 2010 - Korean PDF</a><br />Hyungkeun Park, (<a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="81ece8f3f3eab0c1e6ece0e8edafe2eeec">[email protected]</a>)</li> <li>Spanish 2010: <a href="https://torage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202010%20Spanish.pdf">OWASP Top 10 2010 - Spanish PDF</a><br /> Daniel Cabezas Molina, Edgar Sanchez, Juan Carlos Calderon, Jose Antonio Guasch, Paulo Coronado, Rodrigo Marcos, Vicente Aguilera</li> <li>French 2010: <a href="https://torage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202010%20French.pdf">OWASP Top 10 2010 - French PDF</a><br /><a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d0bca5b4bfa6b9b3fea0b5a4b9a490bfa7b1a3a0febfa2b7">[email protected]</a>, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="423127202331362b272c6c252b2d302b23022d352331326c2d3025">[email protected]</a>, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0869667c67666167266e67667c6d7b48677f697b7826677a6f">[email protected]</a>, <a 
href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ec8e8982838598c28b99899e89989889ac839b8d9f9cc2839e8b">[email protected]</a>, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="5f15303c3a332631713e2a3d3a2d2b1f30283e2c2f71302d38">[email protected]</a>, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="3570475c561b72544747505440755250585459415a1b565a58">[email protected]</a>, <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="ffb88a9693939e8a929ad1b78a868c929e918cbf989a929e938b90d19c9092">[email protected]</a></li> <li>German 2010: <a href="https://wiki.owasp.org/?title=Special:Redirect/file/OWASPTop10_2010_DE_Version_1_0.pdf">OWASP Top 10 2010 - German PDF</a><br /><a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="dfabb0afeeef9fb0a8beacaff1bbba">[email protected]</a> which is Frank Dölitzscher, Tobias Glemser, Dr. Ingo Hanke, <a href="https://wiki.owasp.org/index.php/User:Kai_Jendrian">Kai Jendrian</a>, <a href="https://wiki.owasp.org/index.php/User:Ralf_Reinhardt">Ralf Reinhardt</a>, Michael Schäfer</li> <li>Indonesian 2010: <a href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202010%20Indonesian.pdf">OWASP Top 10 2010 - Indonesian PDF</a><br />Tedi Heriyanto (coordinator), Lathifah Arief, Tri A Sundara, Zaki Akhmad</li> <li>Italian 2010: <a href="https://www.owasp.org/images/f/f9/OWASP_Top_10_-_2010_ITA.pdf">OWASP Top 10 2010 - Italian PDF</a><br />Simone Onofri, Paolo Perego, Massimo Biagiotti, Edoardo Viscosi, Salvatore Fiorillo, Roberto Battistoni, Loredana Mancini, Michele Nesta, Paco Schiaffella, Lucilla Mancini, Gerardo Di Giacomo, Valentino Squilloni</li> <li>Japanese 2010: <a href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202010%20Japanese-A4.pdf">OWASP Top 10 2010 - Japanese 
PDF</a><br /><a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="2c4f494f4540025f596c435b4d5f5c02435e4b">[email protected]</a>, Dr. Masayuki Hisada, Yoshimasa Kawamoto, Ryusuke Sakamoto, Keisuke Seki, Shin Umemoto, Takashi Arima</li> <li>Chinese 2010: <a href="https://www.owasp.org/images/a/a9/OWASP_Top_10_2010_Chinese_V1.0_Released.pdf">OWASP Top 10 2010 - Chinese PDF</a><br />感谢以下为中文版本做出贡献的翻译人员和审核人员: Rip Torn, 钟卫林, 高雯, 王颉, 于振东</li> <li>Vietnamese 2010: <a href="https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASPTop%2010%20-%202010%20Vietnamese.pdf">OWASP Top 10 2010 - Vietnamese PDF</a><br />Translation led by Cecil Su - Translation Team: Dang Hoang Vu, Nguyen Ba Tien, Nguyen Tang Hung, Luong Dieu Phuong, Huynh Thien Tam</li> <li>Hebrew 2010: <a href="https://wiki.owasp.org/index.php/OWASP_Top10_Hebrew">OWASP Top 10 Hebrew Project</a> – <a href="https://www.owasp.org/images/c/cd/OWASP_Top_10_Heb.pdf">OWASP Top 10 2010 - Hebrew PDF</a>.<br />Led by Or Katz, see translation page for list of contributors.</li> </ul> </section> <section id='sec-sponsors' class='page-body tab-hidden'> <hr /> <h2 id="2021-project-sponsors">2021 Project Sponsors</h2> <p>The OWASP Top 10:2021 is sponsored by Secure Code Warrior.</p> <p><a href="https://securecodewarrior.com"><img src="assets/images/securecodewarrior.png" alt="Secure Code Warrior" /></a></p> <h2 id="2017-project-sponsors">2017 Project Sponsors</h2> <p>The OWASP Top 10 - 2017 project was sponsored by Autodesk, and supported by the <a href="https://owasp.org/www-chapter-northern-virginia/">OWASP NoVA Chapter</a>.</p> <p><img src="assets/images/autodesk.png" alt="Autodesk" /></p> <h2 id="2003-2013-project-sponsors">2003-2013 Project Sponsors</h2> <p>Thanks to <a href="https://www.aspectsecurity.com/" target="_blank" rel="noopener">Aspect Security</a> for sponsoring earlier versions.</p> </section> <section id='sec-data_2025' class='page-body tab-hidden'> <hr /> <h1 
id="owasp-top-10-2025-data-analysis-plan">OWASP Top 10 2025 Data Analysis Plan</h1> <h2 id="goals">Goals</h2> <p>The goal is to collect the most comprehensive dataset to date of identified application vulnerabilities, to enable analysis for the Top 10 and other future research. This data should come from a variety of sources: security vendors and consultancies, bug bounties, and company/organizational contributions. Data will be normalized to allow a level comparison between Human assisted Tooling (HaT) and Tooling assisted Humans (TaH).</p> <p><br /></p> <h2 id="analysis-infrastructure">Analysis Infrastructure</h2> <p>We plan to leverage the OWASP Azure Cloud Infrastructure to collect, analyze, and store the data contributed.</p> <p><br /></p> <h2 id="contributions">Contributions</h2> <p>We plan to support both known and pseudo-anonymous contributions. The preference is for contributions to be known; this immensely helps with the validation/quality/confidence of the data submitted. If the submitter prefers to have their data stored anonymously and even goes as far as submitting the data anonymously, it will have to be classified as “unverified” rather than “verified”.</p> <h3 id="verified-data-contribution">Verified Data Contribution</h3> <p>Scenario 1: The submitter is known and has agreed to be identified as a contributing party.<br /> Scenario 2: The submitter is known but would rather not be publicly identified.<br /> Scenario 3: The submitter is known but does not want their identity recorded in the dataset.<br /></p> <h3 id="unverified-data-contribution">Unverified Data Contribution</h3> <p>Scenario 4: The submitter is anonymous. 
(Should we support this?)</p> <p>Whenever unverified data is part of an analyzed dataset, the analysis will carefully distinguish it from the verified data.</p> <p><br /></p> <h2 id="contribution-process">Contribution Process</h2> <p>There are a few ways that data can be contributed:</p> <ol> <li>Email a CSV/Excel file with the dataset(s) to <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="a4c6d6cdc5ca8ac3c8c5d7e4cbd3c5d7d48acbd6c3">[email protected]</a></li> <li>Upload a CSV/Excel file to <a href="https://bit.ly/OWASPTop10Data">https://bit.ly/OWASPTop10Data</a></li> </ol> <p>Template examples can be found on GitHub: <a href="https://github.com/OWASP/Top10/tree/master/2024/Data">https://github.com/OWASP/Top10/tree/master/2024/Data</a></p> <p><br /></p> <h2 id="contribution-period">Contribution Period</h2> <p>We plan to accept contributions to the new Top 10 until Dec 31, 2024, for data dating from 2021 to the present.</p> <p><br /></p> <h2 id="data-structure">Data Structure</h2> <p>The following data elements are either <strong>required</strong> (shown in bold) or optional. 
<br /> The more information provided, the more accurate our analysis can be.<br /> At a bare minimum, we need the time period, the total number of applications tested in the dataset, and the list of CWEs with counts of how many applications contained each CWE.<br /> If at all possible, please provide the additional metadata, because that will greatly help us gain more insights into the current state of testing and vulnerabilities.<br /></p> <h3 id="metadata">Metadata</h3> <ul> <li>Contributor Name (org or anon)<br /></li> <li>Contributor Contact Email<br /></li> <li><strong>Time period (2024, 2023, 2022, 2021)</strong><br /></li> <li><strong>Number of applications tested</strong><br /></li> <li>Type of testing (TaH, HaT, Tools)<br /></li> <li>Primary Language (code)<br /></li> <li>Geographic Region (Global, North America, EU, Asia, other)<br /></li> <li>Primary Industry (Multiple, Financial, Industrial, Software, ??)<br /></li> <li>Whether or not data contains retests or the same applications multiple times (T/F)<br /></li> </ul> <h3 id="cwe-data">CWE Data</h3> <ul> <li><strong>A list of CWEs with a count of the applications found to contain each CWE</strong><br /></li> </ul> <p><em>If at all possible, please provide core CWEs in the data, not CWE categories.</em><br /> <em>This will help with the analysis; any normalization/aggregation done as a part of this analysis will be well documented.</em></p> <h4 id="note">Note:</h4> <p>If a contributor has two types of datasets, one from HaT and one from TaH sources, then it is recommended to submit them as two separate datasets.<br /> <em>HaT = Human assisted Tools (higher volume/frequency, primarily from tooling)</em><br /> <em>TaH = Tool assisted Human (lower volume/frequency, primarily from human testing)</em><br /></p> <p><br /></p> <h2 id="survey">Survey</h2> <p>As with the Top Ten 2021, we plan to conduct a survey to identify up to two categories of the Top Ten that the community believes are important, but may not be 
reflected in the data yet. We plan to conduct the survey in early 2025, and will be utilizing Google forms in a similar manner as last time. The CWEs on the survey will come from current trending findings, CWEs that are outside the Top Ten in data, and other potential sources.</p> <p><br /></p> <h2 id="process">Process</h2> <p>At a high level, we plan to perform a level of data normalization; however, we will keep a version of the raw data contributed for future analysis. We will analyze the CWE distribution of the datasets and potentially reclassify some CWEs to consolidate them into larger buckets. We will carefully document all normalization actions taken so it is clear what has been done.</p> <p>We plan to calculate likelihood following the model we continued in 2021 to determine incidence rate instead of frequency to rate how likely a given app may contain at least one instance of a CWE. This means we aren’t looking for the frequency rate (number of findings) in an app, rather, we are looking for the number of applications that had one or more instances of a CWE. 
We can calculate the incidence rate based on the total number of applications tested in the dataset compared to how many applications each CWE was found in.</p> <p>In addition, we will develop base CWSS scores for the top 20-30 CWEs and incorporate potential impact into the Top 10 weighting.</p> <p>We would also like to explore what additional insights can be gleaned from the contributed dataset that could be of use to the security and development communities.</p> </section> </div> <hr> <div class="repo"> </div> <div class="github-buttons"> <a class="github-button" href="https://github.com/owasp/www-project-top-ten/subscription" data-icon="octicon-eye" data-size="large" data-show-count="true" aria-label="Watch on GitHub">Watch</a> <a class="github-button" href="https://github.com/owasp/www-project-top-ten" data-icon="octicon-star" data-size="large" data-show-count="true" aria-label="Star on GitHub">Star</a> </div> <div class="sidebar" role="complementary"> <div class='owasp-sidebar-top'> <strong>The OWASP<sup>®</sup> Foundation</strong> works to improve the security of software through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences. 
</div> <h3 id="project-information">Project Information</h3> <ul> <li>• <a href="https://owasp.org/Top10">OWASP Top 10:2021</a></li> <li>• <a href="https://www.owasptopten.org/">Making of OWASP Top 10</a></li> <li>• <a href="https://github.com/OWASP/Top10/raw/master/2021/Presentations/20th%20Anniversary%20-%20OWASP%20Top%2010%202021.pptx">OWASP Top 10:2021 - 20th Anniversary Presentation (PPTX)</a></li> <li><i class="fas fa-flag" style="font-size: 1.2em; color:#2ADA08;"></i><span style="font-size:1.0em;padding-left:12px;">Flagship Project</span></li> <li><i class="fas fa-book" style="font-size: 1.2em; color:#233e81;"></i><span style="font-size:1.0em;padding-left:12px;">Documentation</span></li> <li><i class="fas fa-toolbox" style="font-size: 1.2em; color:#233e81;"></i><span style="font-size:1.0em;padding-left:12px;">Builder</span></li> <li><i class="fas fa-shield-alt" style="font-size: 1.2em; color:#233e81;"></i><span style="font-size:1.0em;padding-left:12px;">Defender</span></li> <li>• <a href="2017">Previous Version (2017)</a></li> </ul> <h3 id="downloads-or-social-links">Downloads or Social Links</h3> <ul> <li>• <a href="/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf" target="_blank" rel="noopener">OWASP Top 10 2017</a></li> <li>• <a href="/www-project-top-ten/#div-translation_efforts">Other languages → tab ‘Translation Efforts’</a></li> </ul> <h3 id="social">Social</h3> <ul> <li><a href="https://twitter.com/owasptop10">Twitter</a></li> </ul> <h3 id="code-repository">Code Repository</h3> <ul> <li><a href="https://github.com/OWASP/Top10" target="_blank" rel="noopener">repo</a></li> </ul> <h3 id="leaders">Leaders</h3> <ul> <li><a href="/cdn-cgi/l/email-protection#57213639333225363d17382036242779382530">Andrew van der Stock</a></li> <li><a href="/cdn-cgi/l/email-protection#c8aabaa1a9a6e6afa4a9bb88a7bfa9bbb8e6a7baaf">Brian Glas</a></li> <li><a href="/cdn-cgi/l/email-protection#600e05090c4e130d0914080c090e05200f170113104e0f1207">Neil Smithline</a></li> <li><a 
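href="/cdn-cgi/l/email-protection#e4908b969790818aca838d83888196a48b93859794ca8b9683">Torsten Gigler</a></li> </ul> <div class='owasp-sidebar-bottom'> <h3>Upcoming OWASP Global Events</h3> <div id='global-event-div'> </div> </div> <script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>
<script type="text/javascript">
  // Upcoming events whose category is 'Global'. Declared at script top level,
  // exactly as before, so it stays reachable as a global.
  var events = [];

  // On DOM ready: load the events feed, keep the 'Global' entries and render
  // them as a nested list inside #global-event-div. Relies on jQuery ($) and a
  // YAML loader (YAML.load) supplied by scripts outside this block.
  $(function () {
    var DEFAULT_EVENTS_URL = 'https://owasp.org/events/';

    // Returns url when it resolves to an http(s) address, otherwise the default
    // events page. Setting href through .attr() does not by itself stop a
    // javascript: or data: URL, so the scheme is checked explicitly.
    function safeEventUrl(url) {
      if (!url) {
        return DEFAULT_EVENTS_URL;
      }
      var probe = document.createElement('a');
      probe.href = url;
      if (probe.protocol === 'http:' || probe.protocol === 'https:') {
        return url;
      }
      return DEFAULT_EVENTS_URL;
    }

    // The feed is fetched at runtime, so every value read from it is treated as
    // untrusted data when rendered: text goes in through .text(), never through
    // string-built HTML.
    var eventsyml = YAML.load('https://owasp.org/assets/sitedata/events.yml');

    // Tolerate a failed or empty load instead of iterating over null.
    $.each(eventsyml || [], function () {
      if (this.category == 'Global') {
        for (var key in this.events) {
          events.push(this.events[key]);
        }
      }
    });

    if (events.length > 0) {
      var $list = $('<ul>');

      for (var i = 0; i < events.length; i++) {
        var evt = events[i];

        // Entries without dates are shown (and stored) as 'TBA'.
        if (typeof evt.dates === 'undefined') {
          evt.dates = 'TBA';
        }

        // target and rel are set as separate attributes. The earlier string
        // template had an unbalanced quote after _blank, which swallowed the
        // rel attribute so noopener was never applied.
        var $link = $('<a>')
          .attr({ href: safeEventUrl(evt.url), target: '_blank', rel: 'noopener' })
          .text(String(evt.name));

        var $dates = $('<li>')
          .attr('style', 'list-style-type: circle;margin-top: 0px;padding:0px;margin-left:16px;')
          .text(String(evt.dates));

        $list.append($('<li>').append($link).append($('<ul>').append($dates)));
      }

      $('#global-event-div').empty().append($list);
    }
  });
</script>
<!--<div> <h3>OWASP News & Opinions</h3> <ul> </ul> </div>--> </div> </div> </main> <footer> <section class="footer-wrapper"> <section class="social"> <a href="https://github.com/OWASP/" aria-label="github organization" target="_blank" rel="noopener noreferrer"><i class="fa fa-lg fa-github"></i></a> <a href="https://owasp.org/slack/invite" aria-label="slack group" target="_blank" rel="noopener noreferrer"><i class="fa fa-lg fa-slack"></i></a> <a href="https://www.facebook.com/OWASPFoundation" aria-label="facebook group" target="_blank" rel="noopener noreferrer"><i class="fa fa-lg fa-facebook-square"></i></a> <!-- Mastodon Icon will not load; FA instance is too old.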
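Use the SVG instead-->
<!-- rel keeps "me" and adds noopener noreferrer, so this link is handled like the other target="_blank" links in the footer. -->
<a href="https://infosec.exchange/@owasp" aria-label="mastodon account" target="_blank" rel="me noopener noreferrer"><svg xmlns="http://www.w3.org/2000/svg" height="24" width="24" viewBox="0 0 448 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M433 179.1c0-97.2-63.7-125.7-63.7-125.7-62.5-28.7-228.6-28.4-290.5 0 0 0-63.7 28.5-63.7 125.7 0 115.7-6.6 259.4 105.6 289.1 40.5 10.7 75.3 13 103.3 11.4 50.8-2.8 79.3-18.1 79.3-18.1l-1.7-36.9s-36.3 11.4-77.1 10.1c-40.4-1.4-83-4.4-89.6-54a102.5 102.5 0 0 1 -.9-13.9c85.6 20.9 158.7 9.1 178.8 6.7 56.1-6.7 105-41.3 111.2-72.9 9.8-49.8 9-121.5 9-121.5zm-75.1 125.2h-46.6v-114.2c0-49.7-64-51.6-64 6.9v62.5h-46.3V197c0-58.5-64-56.6-64-6.9v114.2H90.2c0-122.1-5.2-147.9 18.4-175 25.9-28.9 79.8-30.8 103.8 6.1l11.6 19.5 11.6-19.5c24.1-37.1 78.1-34.8 103.8-6.1 23.7 27.3 18.4 53 18.4 175z"/></svg></a>
<!-- Twitter X Icon will not load; I suspect another dependency (Jekyll?) is using an older version that is conflicting. 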
So use the SVG instead--> <a href="https://twitter.com/owasp" aria-label="twitter account" target="_blank" rel="noopener noreferrer"><svg xmlns="http://www.w3.org/2000/svg" height="24" width="24" viewBox="0 0 512 512"><!--!Font Awesome Free 6.5.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M389.2 48h70.6L305.6 224.2 487 464H345L233.7 318.6 106.5 464H35.8L200.7 275.5 26.8 48H172.4L272.9 180.9 389.2 48zM364.4 421.8h39.1L151.1 88h-42L364.4 421.8z"/></svg></a> <a href="https://www.linkedin.com/company/owasp/" aria-label="linkedin account" target="_blank" rel="noopener noreferrer"><i class="fa fa-lg fa-linkedin"></i></a> <a href="https://www.youtube.com/user/OWASPGLOBAL" aria-label="youtube account" target="_blank" rel="noopener noreferrer"><i class="fa fa-lg fa-youtube-square"></i></a> </section> <nav class="bot-nav" role="navigation" aria-label="secondary navigation"> <ul> <li><a href="/">HOME</a></li> <li><a href="/projects/">PROJECTS</a></li> <li><a href="/chapters/">CHAPTERS</a></li> <li><a href="/events/">EVENTS</a></li> <li><a href="/about/">ABOUT</a></li> <li><a href="/www-policy/operational/privacy">PRIVACY</a></li> <li><a href="/sitemap/">SITEMAP</a></li> <li><a href="/contact/">CONTACT</a></li> </ul> </nav> <p class="disclaimer"> Open Web Application Security Project, OWASP, Global AppSec, AppSec Days, AppSec California, SnowFROC, LASCON, and the OWASP logo are trademarks of the OWASP Foundation. Unless otherwise specified, all content on the site is Creative Commons Attribution-ShareAlike v4.0 and provided without warranty of service or accuracy. For more information, please refer to our <a href="/www-policy/operational/general-disclaimer.html">General Disclaimer</a>. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. 
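Copyright 2024, OWASP Foundation, Inc. </p> </section> <p> <hr> </p><section class="member">
<script type="text/javascript">
  // Footer widget: shows up to ten randomly chosen corporate-supporter logos
  // from corp_members.yml inside #corp_member_div.
  // Both names stay in global scope, as in the original inline script.
  var members = [];
  var corp_members;

  $(function () {
    var numberOfImages = 10;

    // Returns the URL when it resolves to http(s), otherwise null, so a value
    // from the feed can never become a script-bearing href.
    function httpHrefOrNull(url) {
      var probe = document.createElement('a');
      probe.href = url;
      return (probe.protocol === 'http:' || probe.protocol === 'https:') ? probe.href : null;
    }

    corp_members = YAML.load('https://owasp.org/assets/sitedata/corp_members.yml');
    $.each(corp_members, function () {
      members.push(this);
    });

    // The logo address is 'https://owasp.org' + image, so only site-absolute
    // paths ('/...') stay on that host once concatenated; any other entry is
    // left out of the draw.
    var pool = $.grep(members, function (member) {
      return !!member && typeof member.image === 'string' && member.image.charAt(0) === '/';
    });

    // Never ask for more logos than there are entries: drawing ten distinct
    // indexes from a shorter list by retrying would not terminate.
    var wanted = Math.min(numberOfImages, pool.length);
    if (wanted > 0) {
      var container = $('#corp_member_div').empty();
      for (var i = 0; i < wanted; i++) {
        // Partial Fisher-Yates shuffle: swap one not-yet-used entry into
        // position i, which gives distinct picks in exactly `wanted` steps.
        var pick = i + Math.floor(Math.random() * (pool.length - i));
        var chosen = pool[pick];
        pool[pick] = pool[i];
        pool[i] = chosen;

        // Feed values go through .attr(), never through string-built markup.
        // NOTE(review): alt is still the generic 'image'; if corp_members.yml
        // carries a sponsor name, use it here instead (confirm the schema).
        var logo = $('<img>').attr({ src: 'https://owasp.org' + chosen.image, alt: 'image' });
        var link = $('<a>').attr({
          'class': 'alt-member-logo',
          rel: 'sponsored noopener noreferrer',
          target: '_blank'
        });
        var href = httpHrefOrNull(chosen.url);
        if (href !== null) {
          link.attr('href', href);
        }
        // Replaces the inline onclick attribute; the handler is looked up at
        // click time and receives the native event, as before.
        link[0].addEventListener('click', function (event) {
          handleOutboundLinkClicks(event);
        });
        container.append(link.append(logo));
      }
    }
  });
</script>
<div class="alt-member-wrapper"> <section class="member-list"> <h2>A selection of our Corporate Supporters</h2> <div id="corp_member_div"> </div> <div class="member-cta"> <a class="callout-link" href="/supporters">Become a corporate supporter</a> </div> </section> </div> </section> </footer> </body> </html>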