The OWASP has been around for a long time and they regularly publish a "Top 10" Web Application Security Risk list. It's amazing (or maybe not) how long some of these have been on the list:
1) Injection
2) Broken Authentication
3) Sensitive Data Exposure
4) XML External Entities (XXE)
5) Broken Access Control
6) Security Misconfigurations
7) Cross-Site Scripting (XSS)
8) Insecure Deserialization
9) Using Components with Known Vulnerabilities
10) Insufficient Logging & Monitoring
Owasp is not a well known foundation. Party due to the imho good choice to avoid its own certification. Real openness, so Foss software and cc-by licensed docs do not match well with scams to earn large amounts of money with trainings and certifications. Owasp community meet-ups and conferences are great. Since barriers to visit are very low, which make it an inclusive security foundation.
Which has been around since 2001. One of the interesting things about the OWASP Top 10 is how many have hung around, albeit often in somewhat different forms, for a very long time.
In my local University, OWASP is the place the teachers quote when it comes to security related things. For same reason great deal of exam quizzes comes from OWASP catalog.
AppSec consultant here.
Most developers being unaware of OWASP is quite possibly the biggest failure of the AppSec community.
OWASP isn't perfect, but it's the most visible,easiest to access appsec standard/community out there.
If devs haven't heard of that, they probably know very little about securing the software they write and that's a massive failing of the entire ecosystem.
1) Injection 2) Broken Authentication 3) Sensitive Data Exposure 4) XML External Entities (XXE) 5) Broken Access Control 6) Security Misconfigurations 7) Cross-Site Scripting (XSS) 8) Insecure Deserialization 9) Using Components with Known Vulnerabilities 10) Insufficient Logging & Monitoring
https://owasp.org/www-project-top-ten/