OWASP Top 10 Security

This cluster centers on recommendations for web application security, with users repeatedly suggesting the OWASP Top 10 list, cheatsheets, and related resources as key starting points for developers.

➡️ Stable 0.6x Security

1,811

Comments

Years Active

Top Authors

#7401

Topic ID

Activity Over Time

2007

2008

2009

2010

2011

2012

2013

139

2014

129

2015

115

2016

142

2017

161

2018

102

2019

114

2020

2021

136

2022

108

2023

2024

2025

110

2026

Top Contributors

tptacek (61) borski (11) sarciszewski (10) raesene9 (10) fmavituna (8)

Keywords

SecurityHeaders e.g CI CD index.php node.js brakemanscanner.org SQL HN AppSec security web web app csrf application vulnerabilities checklist framework web application django

Sample Comments

orf • Jul 21, 2013 • View on HN

Stop making websites and start reading about web app security, the OWASP top 10 is a good place to start.

varunkho • Aug 7, 2013 • View on HN

Web security and attack vectors, seriously. Will be helpful regardless of the technology you'll choose to build web apps.

mophose • Aug 20, 2021 • View on HN

OWASP is a good place to start for Web application security

svdr • May 2, 2018 • View on HN

Learn a little about AppSec: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29...

thedonkeycometh • May 8, 2018 • View on HN

Always keep up to date with OWASP

nchmy • Dec 25, 2025 • View on HN

Can you share links to better guidance than OWASP?

petee • Feb 19, 2018 • View on HN

Check out OWASP cheatsheets and guides:https://www.owasp.org/

pc86 • Feb 3, 2015 • View on HN

My bad, I thought you were referencing the OWASP site specifically.

gcb0 • May 27, 2018 • View on HN

owasp website is the #1 resource for this.

jeffreyrogers • Aug 8, 2015 • View on HN

This seems like the best answer here. Everyone else is coming at it from a pentesting perspective, where this is actually has a developer perspective, which is far more useful for someone actually building an application.