You could say that the OWASP Top 10 Proactive Controls is a bit different from other better-known OWASP top ten lists – for example, the ten most critical risks for web applications (“OWASP Top 10”) or APIs (“OWASP API Security Top 10”) – because it goes beyond simply describing potential risks: The Proactive Controls are primarily aimed at developers and provide them with specific measures for developing secure applications.
They also serve to raise awareness among developers of the immense importance of application security.
This first part of the two-part article describes Proactive Controls C1 through C5. The second part takes a closer look at C6 through C10.