the.com/owasp
the nonprofit that keeps telling programmers their code has a hole in it, and it does.
means: a nonprofit foundation that publishes free, community-vetted standards and tools for finding and fixing security flaws in software.
from: founded in 2001 as the open web application security project, born from the realization that web apps were shipping full of the same dumb, avoidable bugs.
top 10: its famous list of worst web app vulnerabilities
structure: nonprofit, vendor-neutral, no product to sell
reach: used as a baseline in compliance audits worldwide
cost: everything it publishes is free