This document discusses changes to the OWASP Top 10 list between 2010 and 2013. It provides background on OWASP and the purpose of the Top 10 list, which is to raise awareness of the most critical web application security risks. The document outlines the sources and statistics that informed the changes to the 2013 Top 10 list. It summarizes those changes, such as Cross-Site Request Forgery moving down the list while risks related to sensitive data exposure and use of vulnerable components moved up. The conclusion recommends organizations start an application security program, include the OWASP Top 10, follow secure coding practices, and collaborate with Q-CERT.