Close this search box.

OWASP Top 10 Project Needs Your Support

OWASP Top 10

The OWASP  Top 10 Project (Open  Web Application Security Project) has undergone several recent changes. The previous Top 10 leaders have passed the baton to a new team that is striving to address the feedback that has been provided over the past several months. A summary of changes to the project and methodology has been posted on the OWASP Blog. The Top 10 2017 RC 2 will be available for comment October 9, 2017November 3, 2017. The target date for the release of the Top 10 2017 is November 18, 2017.

The goal of the OWASP Top 10 project is to raise awareness and create a baseline for application security by identifying some of the more critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and many more.

To this end, the Top 10 Project has reopened the call for data, until September 18, 2017. If you have vulnerability data related to web applications and/or APIs, please contribute. The OWASP Top 10 is largely data-driven and the more data that can be collected, the more accurate the results. Eight of the Top 10 are dedicated reflections of the public data call and the other two will reflect a survey of industry professionals.

You can contribute by taking our industry-ranked survey comprised of vulnerability categories that were identified as “on the cusp” from mailing list feedback and the previous data call. Respondents are asked to rank the top four most important vulnerability categories from their knowledge and experience. The two vulnerability categories with the total highest ranking will be included in the Top 10 2017.

Top 10 2017 Call for Data:
(Deadline extended to 18 September, 2017)

Top 10 2017 Industry Survey:
(Deadline for completion is 10 September, 2017)

The OWASP Top 10 Project leads are Andrew van der Stock, Neil Smithline, Torsten Gigler, and Brian Glas.

To learn more, visit

Follow OWASP Top 10 on twitter: @OWASPTop10

For additional info email the Top 10 mailing list:


network security
Visualized security
What is DAST

Explore our topics