How is the Top 10 Used in Real World

According to Verizon´s 2016 Data Breach Investigations Report, web application attacks are one of the leading causes of data breaches. Still, many organizations find it hard to protect themselves simply because they don´t know where to start.

Can OWASP Top 10 become their starting point?


The OWASP Top 10 is a well-known index of web app security vulnerabilities which is used every day by security professionals. But one thing is missing from the index—how is OWASP Top 10 list used in real life? This Working Session will explore how setting security policies based on OWASP Top 10 vulnerabilities can significantly reduce the risk of a data breach.


  • Collect real-world examples of how companies use the OWASP Top 10
  • Map cases where Top 10 was abused (in its use or in product’s marketing)
  • Normalise data and find patterns
  • Provide recommendations for new Top 10 (aligned to how it is used)


  • Recommendations for Top 10 2017


The target audience for this Working Session is:

• OWASP Top 10 2017 Authors and Contributors • OWASP Community and Industry • Product/Service vendors • Organisations that recommend the use of OWASP Top 10

Working materials


<a href=”>Verizon´s 2016 Data Breach Investigations Report</a> <a href=”>New OWASP Top 10 Reveals Critical Weakness in Application Defenses</a> <a href=”>OWASP Top 10 Breaches</a>

Back to list of all Working Sessions and Tracks

Edit this page here