OWASP

OWASP (Open Worldwide Application Security Project) is an open community project dedicated to improving software security, widely known for its vulnerability risk ranking "OWASP Top 10."
If you have worked in web application security, you have likely encountered the OWASP Top 10. It systematizes vulnerability patterns that developers repeatedly fall into—SQL injection, XSS, authentication flaws—and publishes them as risks to prioritize.
OWASP itself is not a specific tool or vendor but a nonprofit project run by security experts worldwide on a volunteer basis. Beyond the Top 10, it publishes numerous projects, including the OWASP Testing Guide, a vulnerability assessment methodology (ASVS), and a model for integrating security into the development lifecycle (SAMM).
With the spread of generative AI, the OWASP Top 10 for LLM Applications was published. It organizes LLM-specific risks into 10 items, including prompt injection, sensitive information disclosure, and excessive permissions. Unlike in traditional web security, the inputs are natural language, so a distinctive characteristic of these risks is that conventional validation cannot prevent some of the attacks.
In the DevSecOps context, integrating OWASP guidelines into CI/CD pipelines to detect vulnerabilities early in the development cycle has become common practice.