A statistical approach to building the OWASP Top Ten list. This repository includes the code, the data and the calculation methodology.
Our proposal is not an official list but a piece of research with an open methodology that allows anyone to repeat the calculations and obtain similar results.
The data we used is 4,640,807 public security reports and bulletins from more than 125 sources, including HackerOne bug bounty reports, CVE, NVD and exploit collections.
- owasp.py - a script that downloads the data from the Vulners API and calculates the statistics
- owasp.json.part* - the data export split into two parts (to stay under GitHub's 25 MB file-size limit); concatenate them before running the script
cat owasp.json.part* > owasp.json
python owasp.py
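The two reproduction steps above (joining the export parts, then counting reports per vulnerability class) as an added Python example; this is illustrative code, not the repository's owasp.py, and it assumes a hypothetical record layout with a `category` field, since the export format is not described here. It also shows the check a practitioner wants after `cat owasp.json.part*`: the glob joins parts in lexical order, so part names must sort correctly, and the result must still parse as JSON.

```python
import json
import tempfile
from collections import Counter
from pathlib import Path


def join_parts(directory, stem="owasp.json.part"):
    """Concatenate <stem>* files in lexical order, as `cat owasp.json.part*`
    does. Parts must be named so they sort in the right order (e.g. partaa, partab),
    otherwise a byte-level split is reassembled out of order and will not parse."""
    parts = sorted(Path(directory).glob(stem + "*"))
    if not parts:
        raise FileNotFoundError(f"no {stem}* files in {directory}")
    return b"".join(p.read_bytes() for p in parts)


def top_categories(records, key="category", n=10):
    """Rank vulnerability classes by number of reports.
    `key` is a hypothetical field name; adapt it to the real export schema."""
    counts = Counter(r[key] for r in records if key in r)
    return counts.most_common(n)


def demo():
    """Constructed sample: three records split across two part files in the middle
    of the document, which is exactly what a byte-level split produces."""
    records = [
        {"id": "demo-1", "category": "Injection"},
        {"id": "demo-2", "category": "Injection"},
        {"id": "demo-3", "category": "Broken Access Control"},
    ]
    data = json.dumps(records).encode()
    with tempfile.TemporaryDirectory() as d:
        cut = len(data) // 2
        # Write the second part first to show that join_parts orders by name, not mtime.
        (Path(d) / "owasp.json.partab").write_bytes(data[cut:])
        (Path(d) / "owasp.json.partaa").write_bytes(data[:cut])
        joined = join_parts(d)
        # json.loads fails loudly if the parts were joined in the wrong order.
        return top_categories(json.loads(joined))


if __name__ == "__main__":
    for category, count in demo():
        print(f"{count:>6}  {category}")
```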
OWASP Top-10 2021. Statistics-based proposal: https://lab.wallarm.com/owasp-top-10-2021-proposal-based-on-a-statistical-data/