The
Open Web Application Security Project (OWASP) is an international, not for profit foundation whose remit is to help organisations of all sizes find and use secure applications. As part of this they publish a list of the top 10 vulnerabilities for web applications, and also a related list for mobile vulnerabilities. Each of the top 10 risks identified on the lists has a description, examples of the vulnerability, examples of how attackers can exploit the vulnerabilities, guidance on how to mitigate the vulnerability, and reference links to related OWASP and external resources.