OWASP Top Ten

OWASP stands for Open Worldwide Application Security Project and is a globally recognized, non-profit organization dedicated to improving software security. The goal  of OWASP is to provide developers, companies, and security experts with freely accessible tools, documentation, and best practices to make applications more secure.
The community/OWASP community regularly publishes guides, tools, and training materials-one of the best-known projects is the OWASP Top Ten, a list of the ten most critical security risks for web applications.

• A01:Broken Access Control Fehler in der Zugriffskontrolle, die unberechtigte Zugriffe ermöglichen.
• A02:Cryptographic Failures Unsichere oder fehlerhafte Implementierungen von Verschlüsselung.
• A03:Injection Einschleusen von bösartigem Code (z. B. SQL-, LDAP-, oder OS-Injection).
• A04:Insecure Design Unsichere Architekturentscheidungen oder fehlende Sicherheitsprinzipien.
• A05:Security Misconfiguration Fehlkonfigurationen von Servern, Frameworks oder Datenbanken.
• A06:Vulnerable and Outdated Components Nutzung veralteter Bibliotheken oder Frameworks.
• A07:Identification and Authentication Failures Schwachstellen bei Login- und Session-Management.
• A08:Software and Data Integrity Failures anipulation von Daten oder Software-Komponenten.
• A09:Security Logging and Monitoring Failures Fehlende Überwachung und Protokollierung von Angriffen.
• A10:Server-Side Request Forgery (SSRF) Manipulation von Server-Anfragen durch Angreifer.

The OWASP Top Ten is regularly updated to reflect new threats and trends in the IT security landscape.

Our security tests are specifically based on the OWASP guidelines, in particular the OWASP Top Ten and the OWASP Web Security Testing Guide. This ensures that the tested applications are protected against the most common and dangerous attack scenarios.

imbus employees work on the basis of OWASP information, are members of the community, and regularly attend events such as regulars' tables, conferences, etc. In our security tests, OWASP standards are the minimum requirement for our approach.

Our approach includes, among other things:

• Automated scans with industry-standard tools (Burpsuite Professional, OWASP Zap, and many more).
• Manual security analyses and tests to identify (logical) vulnerabilities.
• Checking the application against the OWASP Top Ten categories.
• Checking the application using the OWASP Web Security Testing Guide.

The aim is to minimize security risks during development rather than reacting after the fact.

OWASP has established itself as the international standard for secure software development. Its principles and best practices are transparent, open, and practical—ideal for integrating security firmly into the development process. 

By using and adhering to these guidelines:

• security vulnerabilities are detected early on,
• the risk of successful attacks is significantly reduced,
• resilience to threats is increased,
• and the trust of customers and users in the applications is strengthened.