Why? The OWASP Top Ten is huge: the "Injection" category alone covers 33 CWEs.
Asking for it in a risk assessment leads to confusion, as most people don’t know where to start. Instead, use it in training materials so developers can identify vulnerabilities on their own.