June 22, 2026
What is this OWASP - Explained Like I’m 5 Years Old
[Well, quick recap: https://medium.com/@IAMLEARNINGNEW/well-its-okay-to-start-over-9329053c6e8a]
DS
Disclaimer: I'm learning as I go and don't want to spread misinformation. So if you're well-versed in any of these topics and spot a mistake, please correct me in the comments!
Come on, I don't want to learn the wrong things either. 😄
SO SHALL WE START:
What is OWASP TOP 10:
So first of all, what is this O-W-A-S-P:
OWASP stands for Open Worldwide Application Security Project. [ https://owasp.org/ ]
According to Wikipedia:
OWASP, the Open Worldwide Application Security Project (formerly Open Web Application Security Project), is an online community that publishes open-source information and resources on IoT, system software and web application security. It is led by a non-profit called The OWASP Foundation.
OK, now what is this OWASP TOP 10 everyone keeps talking about:
Let me ask ChatGPT: So what's OWASP TOP 10?
"The OWASP Top 10 is a widely recognized list of the most critical web application security risks, published by the OWASP. It helps developers, security professionals, and organizations understand and prioritize common vulnerabilities in web applications."
OK, this is too much for me.
Explain it to me like an idiot:
"It's a list of 10 common "oopsies" that make websites unsafe, so builders can fix them before bad guys find them."
So first things first:
→ The OWASP Top 10 is created and maintained by the OWASP
→ Who gives them this data: security testing (pentests), bug reports, vulnerability databases, research papers
→ How are they ranked:
How often it happens, how easy it is to exploit, how severe the damage is, how widely it appears in real apps
→ The OWASP Top 10 is usually updated about every 3 to 4 years
Conclusion: The OWASP Top 10 is a list of the most common and most impactful web application security risks in the real world, and it gets updated when enough new security data, attack trends, and industry feedback show that changes are needed.
I think I am a little clearer: