Skip to content

About this Project

New Version Available!

You are looking at the legacy 2018 version of the OWASP Top 10 Proactive Controls. The current version is the OWASP Top 10 Proactive Controls 2024!

Insecure software is undermining our financial, healthcare, defense, energy, and other critical infrastructure worldwide. As our digital, global infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems.

Aim & Objective

The goal of the OWASP Top 10 Proactive Controls project (OPC) is to raise awareness about application security by describing the most important areas of concern that software developers must be aware of. We encourage you to use the OWASP Proactive Controls to get your developers started with application security. Developers can learn from the mistakes of other organizations. We hope that the OWASP Proactive Controls is useful to your efforts in building secure software.

Call to Action

Please don’t hesitate to contact the OWASP Proactive Control project with your questions, comments, and ideas, either publicly to our email list or privately to Jim Manico.

This document is released under the Creative Commons Attribution ShareAlike 3.0 license. For any reuse or distribution, you must make it clear to others the license terms of this work.

Project Leaders

  • Katy Anton
  • Jim Bird
  • Jim Manico

Contributors

  • Chris Romeo   | Dan Anderson   | David Cybuck
  • Dave Ferguson | Josh Grossman | Osama Elnaggar
  • Colin Watson   | Rick Mitchell   | And many more…