OWASP Top 10
If you develop web applications OWASP Top 10 is the leading list of security risks to be on top of. The below image depicts the OWASP Top 10 Web Applicaiton Security Risks to ensure you test for in your SAST or DAST code review efforts. If you don’t perform code review it’s an essential part of catching security and even performance flaws earlier in the SDLC process. Flaws handled in lower regions will cost less to repair than waiting after they are pushed into production. Lastly, Pentesting efforts should also be performed on web applications to ensure every code review fix is validated.
