Open
adeyosemanputra approved these changes Mar 7, 2023
Add OWASP Open Security Information Base (OSIB) to manage links
Add German Version of Top 10:2021 from Repository https://github.com/sub0Kelvin/Top10Translation
This update addresses an issue with the Google Groups link in the OWASP Markdown file. The previous entry was a placeholder, and I have replaced it with a potential link to the OWASP Google Groups page. However, the accuracy of this link needs to be verified. A comment has been added to guide future contributors to update the link if it is found to be incorrect. This change ensures that the document is more informative and actionable for users seeking to connect with OWASP's Google Groups.
* Adding Spanish translation of OWASP Top 10 2021
* Added the Spanish translation to mkdocs.yml

---------

Co-authored-by: yesid.pinto <pinto_1110@hotmail.com>
* Remove Logo of Prior Sponsor
* Remove 2017 RC1 Column Rename "2017 RC2" to "2017" Resize all other columns including 2017.
* Rename Folder and File to 2021
* Insert 2021 Column Release Candidate (RC)
* QA 2021 Column
* Delete "T10" Redundancy
* Replace @cmlh Email Address
* Insert RC1 Watermark
* Fix Color of CSRF 2017 Cell "Change the colour of 2017 CSRF from Green to Red." to quote @colecornford within #674 (comment)
* Rename "Vulnerable and Outdated Components" "^25 uses the same name as 2017 despite the category being renamed to "Vulnerable and Outdated Components"" to quote @colecornford within #674 (comment)
* Fix "Identification and Authentication Failures" "^22 A7 is now "Identification and Authentication Failures" not Access" to quote @colecornford within #674 (comment) Co-Authored-By: Cole Cornford <cole.cornford@gmail.com>
* Bump RC2 Thanks @colecornford for #674 (comment) Co-Authored-By: Cole Cornford <cole.cornford@gmail.com>
* Insert Sponsor Artwork
* Insert @colecornford Credit
* Fix Wingdings Cross i.e. "x"
* Bump RC Version
* Recreate PDF
* Added A11 (Next Steps) to Comparison of 2003-2021 Releases
* Split A11 (Next Steps) into three major issues and incremented RC number
* Enhancement: Reordered 2021 column such that it reads 1-11
* QA Review of Comparison Document (2003-2021)
* QA Laura Dominguez
* Modify to mailto: Links
* Remove Watermark
* Recreate PDF

---------

Co-authored-by: Cole Cornford <cole.cornford@gmail.com>
Co-authored-by: Peter Funnell <peter@localhost.localdomain>
Co-authored-by: Peter Funnell <hello@octetsplicer.com>
Just adding the CWE-259, because it was mentioned on overview as notable, but it's missing from Mapped CWE list.
Hi. While delivering a training, a student pointed out an improvement to the description of the A9 issue.
* fix conflict A03_2021-Injection.id.md * Update A03_2021-Injection.id.md
Fix bullet point level.
* Fixed domain for Twitter, since it was broken link * Fixed Twitter.com domain
Duplicated text in the description section of A03:2021 – Injection (Brazilian Portuguese)
I only see three issues, not four
The attack scenarios had #2 listed twice. Updated to be correctly numbered from 1-4 with consistent bold formatting and brief titles. Rebased from PR #843 by @ChaoticGoose for 2025 reorganization. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: ChaoticGoose <20331882+ChaoticGoose@users.noreply.github.com>
Added a section for the upcoming OWASP Top 10 2025. Rebased from PR #816 by @ShehabAgain (with minor grammar fix). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: ShehabAgain <170355303+ShehabAgain@users.noreply.github.com>
Rebased from PR #832 by @tmendo. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Tiago Mendo <1278447+tmendo@users.noreply.github.com>
…o A02 A03: Add blank lines before bullet lists so they render as proper lists (from PR #828 by @za) A02: Add prevention point for using identity federation and short-lived credentials instead of static secrets (from PR #825 by @adanalvarez) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: za <409455+za@users.noreply.github.com> Co-Authored-By: Adan Álvarez <6905200+adanalvarez@users.noreply.github.com>
- Remove extraneous "it" from "if the application it:"
- Add missing verb "use" in "both reuse passwords and use weak passwords"

Rebased from PR #823 by @gavjl.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Gavin Johnson-Lynn <68402352+gavjl@users.noreply.github.com>
Fix italic markers and sentence-ending punctuation in Notable CWEs list. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Jan Klass <kissaki@posteo.de>
Fixes #887 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: timdnewman <43032684+timdnewman@users.noreply.github.com>
- Scenario #1: Use correct SQL injection payload `' OR '1'='1` instead of inconsistent UNION/SLEEP example
- Scenario #2: Give HQL injection its own appropriate payload since HQL doesn't support UNION or SLEEP functions
- Scenario #3: Add new OS command injection example with nslookup

Fixes #848

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Philippe Arteau <philippe.arteau@gmail.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adds proactive defense recommendation to use staged rollouts or canary deployments to limit exposure when a trusted vendor is compromised. Fixes #835 Co-Authored-By: Boyen van Gorp <Boyen86@users.noreply.github.com> 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Merging to add proper links to A02 references section
Pre-launch review fixes:

- Fix CWE-525 and CWE-539 links in X01 (pointed to wrong CWE numbers)
- Fix "expoitability" typo in 0x02 (should be "exploitability")
- Fix "Seurity" typo in A10 (should be "Security")
- Clean up footnote formatting in 0x03

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Change default site redirect from 2021 to 2025 as the new current release. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove extra_css reference to RC-stylesheet.css now that 2025 is going live. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix 'Typos in the 2025 version #898'
…_Modern_Application_Security_Program.md fix 'Typos in the 2025 version #898' Unnecessary space DSOMM (DevSecOps Maturity Model)
…_Modern_Application_Security_Program.md Markdown syntax error (missing closing ']') [OWASP Application Security Verification Standard (ASVS)(https
The following two issues -> three
…Exceptional_Conditions.md \\n at the end of line 84
Update README: update states, links to top10 and leaders list
patch 898: Typos in the 2025 version #898
test