Summary Since 2003, the Open Web Application Security Project curates a list of the top ten security risks for web applications. In making the list, OWASP combines both a data-driven approach to find out current risks, and a survey among practitioners to identify upcoming threats for web applications. Time to have a look at the latest edition to see what's new, what has changed, and to get an up-to-date refresh on how to create secure web applications. We will also discuss whether the list is still relevant, and what is missing from that list. And unlike the list itself, we will focus on PHP.