What is OWASP (Open Web Application Security Project)
Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization focused on improving the security of software. Their mission is to make software security visible so that individuals and organizations are able to make informed decisions. OWASP provides an unbiased view of software development and does not endorse or recommend commercial products or services.
As part of its mission, OWASP sponsors numerous security-related projects. The OWASP Top 10 Vulnerabilities, last published in 2013, has been a valuable list of criteria by which any Web Application Firewall (WAF) is evaluated, but it has major limitations: it focuses only on vulnerabilities in the code and ignores automated threats from online bots.
OWASP Automated Threat Handbook
To address these limitations and keep pace with the latest online security threats, OWASP released the first Automated Threat Handbook in late 2015, specifically to help organizations better understand and respond to the notable worldwide increase of automated threats from bots. The handbook breaks down the Top 21 automated threats into the following four main categories: Account Credentials, Payment Cardholder Data, Vulnerability Identification, and Other Automated Threats.
Organizations looking for a holistic approach to web application security need to not only consider identifying vulnerabilities in web applications and APIs but also protect against the most sought-after attack vector – automated attacks. Here we have covered OWASP Top 21 Automated Threats, their associated risk to online businesses and have shown how InfiSecure can help you fight back.