An Analysis of the OWASP Top Ten 2013

~200 words


Last modified: February 5th, 12,018 HE

This essay was written for the Information System Penetration and Countermeasures module (SCC.442) of my MSc. It achieved a grade of Merit.


The Open Web Application Security Project (OWASP) is an attempt to improve the general level of web application security across all industries via the production of educational materials, and other projects. One such project is the OWASP Top Ten, detailing what the Project considers to be the ten most pervasive web application security vulnerabilities at a given time. This report shall first summarise the OWASP itself, and then the Top Ten project and its methodolgy. The 2013 instalment shall be detailed, followed by a critical analysis of its choices. A number of suggestions shall then be made for a proposed 2017 update. Though this report shall be written from the perspective of an official OWASP Top Ten for 2017 not yet having been released, this is in fact not the case. Other than this mention, the 2017 Top Ten is considered to be outside of the scope of this report.