You have been asked to assess the security of a web application before a broader production rollout. You want to make sure the review is scoped correctly, focused on the highest-risk areas, and tied to clear outcomes rather than becoming an open-ended checklist exercise.
What OWASP Top 10 issues would you look for in a web application security assessment, and how would you prioritize and structure that assessment?