Security in Web Development
A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Broken access control
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Insufficient Attack Protection
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unprotected APIs
Tools OWASP
Zed Attack Proxy
Spidering
Fuzzing
XSS
Test web security
Test all owasp points
http://rockalabs.com
Juankzu