What is OWASP (Open Worldwide Application Security Project)?
A nonprofit that publishes open security resources, most famously the OWASP Top 10 and the OWASP API Top 10, its lists of the most common vulnerabilities.
Full explanation
OWASP publishes the Top 10 (web app vulnerabilities), API Top 10, Mobile Top 10, LLM Top 10 (new, 2023+), ASVS (verification standard), SAMM (maturity model), the Cheat Sheet Series, and ZAP (web scanner). Every serious AppSec team references OWASP.
Example
BOLA (Broken Object-Level Authorization) is #1 on the OWASP API Security Top 10 2023. Injection is still in the OWASP Web Top 10 2021.
FAQ
Is the OWASP Top 10 the authoritative list?
It is the most widely cited. Your specific stack (Next.js, Supabase, etc.) has specific bugs the Top 10 may not capture.