Internet is born at the end of the 80’s and Web at the beginning of the 90’s, giving a passive consultation mode on Web sites to the user. At the beginning of the 21th century, Web 2.0, the Web surfer became active and content creator and applications were deployed on the Web. As all the applications, vulnerabilities exist but they are exposed to a bigger population. They may generate problems such as confidential information steal, or application corruption.
This document deals with the top ten most critical security risks identified by Open Web Application Security Project. Each weakness is explained and illustrated by some examples. Rules are given to protect against attacks. These good practices are completed to propose new habits to the developer and protect his applications.