The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 Top 10 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translations for the 2010 version are posted here.
We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
OWASP Top 10 - 2013 - RC1.pdf 1.2 MB
This is the release candidate for the OWASP Top 10 for 2013. It is now open for public comment until the end of March 2013. After that date, comments will be addressed and a final version will be published by May 2013.