st02_OWASP_Top10.md

---
title: "OWASP Top 10 (This needs a better name)"
---

Cyber Security is a complex area that has an impact on a wide range of
subjects.  There are many classes of vulnerabilities, each affecting a
set of services or applications.

One area that is of particular interest is security on the web. As
society becomes increasingly digital, the web is becoming more
embedded in our lives. The [OWASP](https://www.owasp.org/) (Open Web
Application Security Project) has been tracking web based
vulnerabilities since 2004, surveying organisations and collating
information on the types of cyber attack that affect websites.

> NOTE: Security researchers love lists. As well as OWASP for web,
> there are several other "Top 10's"; they let us work out what issues
> to focus on.  However, as new threats occur, any security audit based
> on only the top10 is probably not comprehensive enough.

As well as advice on mitigating security issues, each year they
produce a report (the OWASP top 10), presenting the most common
threats that have occurred that year.  This report can provide
security researchers with areas to focus on, and will highlight new
trends in the types of attack that may occur.


# Task (~1 Hour)

Let's start thinking about security - take a look at the OWASP Top 10 Web
vulnerabilities,
[OWASP Top10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)


In the forums discuss:

  - Which of the vulnerabilities do you think is the most "Dangerous"?
  - Can you think of an example of a recent "Hack" you have heard
    about that has used one of the OWASP top 10?
  - Look back through previous versions of the top 10 - what trends can you see? Are there any problems that have been "Fixed"?
	---
	title: "OWASP Top 10 (This needs a better name)"
	---

	Cyber Security is a complex area that has an impact on a wide range of
	subjects. There are many classes of vulnerabilities, each affecting a
	set of services or applications.

	One area that is of particular interest is security on the web. As
	society becomes increasingly digital, the web is becoming more
	embedded in our lives. The [OWASP](https://www.owasp.org/) (Open Web
	Application Security Project) has been tracking web based
	vulnerabilities since 2004, surveying organisations and collating
	information on the types of cyber attack that affect websites.

	> NOTE: Security researchers love lists. As well as OWASP for web,
	> there are several other "Top 10's"; they let us work out what issues
	> to focus on. However, as new threats occur, any security audit based
	> on only the top10 is probably not comprehensive enough.

	As well as advice on mitigating security issues, each year they
	produce a report (the OWASP top 10), presenting the most common
	threats that have occurred that year. This report can provide
	security researchers with areas to focus on, and will highlight new
	trends in the types of attack that may occur.


	# Task (~1 Hour)

	Let's start thinking about security - take a look at the OWASP Top 10 Web
	vulnerabilities,
	[OWASP Top10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)


	In the forums discuss:

	- Which of the vulnerabilities do you think is the most "Dangerous"?
	- Can you think of an example of a recent "Hack" you have heard
	about that has used one of the OWASP top 10?
	- Look back through previous versions of the top 10 - what trends can you see? Are there any problems that have been "Fixed"?