The OWASP top ten list is a public listing of the ten most potent security risks for web applications. It is maintained by the OWASP foundation, whose community-led projects are open source. OWASP security risks are often categories that cover large groups of conceptually similar CWE vulnerabilities.