The OWASP Top 10 is an internationally recognized awareness document that identifies the most critical software security risks, determined through a combination of real-world vulnerability data collected from organizations and penetration testing companies, along with community feedback and voting to prioritize risks that are frequently occurring in practice.
Deep Dive
What is the OWASP Top 10?
I wanted to talk to you a little bit about a project primarily that you're really heavily involved in. I think every developer probably knows about the OWASP top 10. Let's like just in case, like in your words, like what is that resource that comes out?
How is it decided?
>> So the OWASP top 10, if you have not heard of it, is an awareness document.
It is the most popular project that OWASP does internationally, and it is a list of the top 10 risks or things that can go wrong for web applications. But we sort of expanded it so it applies to most software.
>> Tanya Janca is a security expert. She runs a She Hacks Purple community and delivers secure coding training and presentations all around the world, having spoken in every single continent except Antarctica.
>> And how does it happen? Well, we ask people like your company and many many companies and pen testers and all sorts of organizations if they will share their data with us about the types of vulnerabilities and problems that they're having. And generally people that respond are really awesome pen testing companies um and vendors. Some of the things that are on the list, so most of them are supported by data, but some of them are a little higher because the community voted on various things and gave us feedback repeatedly. And if enough of the community speaks, we try to listen. And so some things are higher than we have data to support because the community's like, "No, that is literally happening all the time. I know you're not seeing it in like the scanners' data. We don't care. That's happening to us all day long."