English

Is the OWASP Top 10 list comprehensive enough for writing secure code?

Cryptography and Security 2024-02-13 v1 Networking and Internet Architecture Software Engineering

Abstract

The OWASP Top 10 is a list that is published by the Open Web Application Security Project (OWASP). The general purpose is to serve as a watchlist for bugs to avoid while writing code. This paper compares how many of those weakness as described in the top ten list are actually reported in vulnerabilities listed in the National Vulnerability Database (NVD). That way it makes it possible to empirically show whether the OWASP Top 10 list is comprehensive enough or not, for code weaknesses that have been found in the past decade.

Keywords

Cite

@article{arxiv.2002.11269,
  title  = {Is the OWASP Top 10 list comprehensive enough for writing secure code?},
  author = {Parth Sane},
  journal= {arXiv preprint arXiv:2002.11269},
  year   = {2024}
}

Comments

5 pages, Pre-print 2020 ICISE-IEEE Conference at University of Manchester, Manchester UK

R2 v1 2026-06-23T13:54:02.870Z