The Open Web Application Security Project, a nonprofit organization focused on improving software security.

A weakness in a web application that can be exploited by attackers to gain unauthorized access or cause harm.

Practices aimed at writing code that is resistant to security vulnerabilities and attacks.

A plan of action to address and fix identified vulnerabilities in a web application.

A simulated cyber attack on a web application to identify and exploit vulnerabilities.

A comprehensive evaluation of a web application's security posture, identifying weaknesses and risks.

The process of identifying, quantifying, and prioritizing vulnerabilities in a web application.

The process of identifying potential threats to a web application and assessing their impact.

Software tools used to identify security vulnerabilities in web applications.

A list of the ten most critical web application security risks, published by OWASP.

A vulnerability that allows attackers to inject malicious scripts into web pages viewed by users.

A code injection technique that allows attackers to execute arbitrary SQL queries against a web application's database.

The process of verifying the identity of a user or system before granting access.

The process of determining whether a user has permission to access a resource or perform an action.

The process of converting information into a secure format to prevent unauthorized access.

An incident where unauthorized access to sensitive data occurs.

A formal document that outlines the rules and procedures for maintaining security in an organization.

The process of identifying and evaluating risks associated with vulnerabilities in a web application.

A process that incorporates security at every stage of software development.

A structured approach to managing and mitigating security incidents.

An evaluation of an organization's security policies and controls to ensure compliance and effectiveness.

An automated process that identifies security weaknesses in a web application.

Any event that compromises the confidentiality, integrity, or availability of information.

The measures and practices put in place to protect web applications from threats.

The practice of legally probing systems for vulnerabilities to improve security.

A security device or software that monitors and controls incoming and outgoing network traffic.