OWASP Top 10 Vulns & Examples
This article starts with the definitions and recommendations from OWASP and adds further examples that relate each OWASP-listed vulnerability class to the specific programming frameworks we use. While this (lengthy) document covers similar material to OWASP's Top 10 list, it is intended to expand on that work with direct, practical examples, not to restate it. Visit the OWASP site for the official list.
For more on the top 10 vulnerabilities, check out this link:
The Overlap of OWASP Top 10 Guidance
This can be found here, where OWASP discusses how its data is gathered. Strictly speaking, if vulnerability categories are defined by the CWEs assigned to them, there is no overlap between categories. For a practical understanding of how these weaknesses interact in real applications, however, thinking in terms of "overlap" is a helpful way to visualize them.
This distinction also helps explain why the Top 10 and the OWASP Proactive Controls do not line up one-to-one.