OWASP Top 10 Automated Testing
What is OWASP Top 10 Automated Testing?
The purpose of OWASP (Open Web Application Security Project) scanning is to test your website against the most common vulnerabilities. OWASP tests are automated scans that check your website for these vulnerabilities and let you know where your website stands.
The Top 10 vulnerabilities are chosen by security experts all over the world.
“OWASP refers to the Top 10 as an ‘awareness document’ and recommends that all organisations incorporate the report into their processes in order to mitigate security risks. One thing to remember, it is not a standard. Organisations can define the matrix based on their own environment. This also means that it’s not just OWASP who defines Top 10 but takes data from so many people, organisations and then opens it up for us to post the feedback. Analysis is very interesting and actually got Top 10 a total of forty-three CWE.” – owasp.org
It's important to note that the automated testing is very basic: a test that finds no vulnerabilities is not a guarantee that your site is not vulnerable. For a higher level of assurance, a manual pen test is the way to go.