
OWASP Top 10

22 Controls
OWASP Top 10 (2021)

The Open Worldwide Application Security Project (OWASP) Top 10 represents a broad consensus on the most critical security risks to web applications.

A01 - Broken Access Control: Failures related to enforcement of proper authorization.
A02 - Cryptographic Failures: Previously known as Sensitive Data Exposure.
A03 - Injection: SQLi, NoSQLi, OS Command Injection.
A04 - Insecure Design: Risks related to design and architectural flaws.
A05 - Security Misconfiguration: Insecure default configurations.
A06 - Vulnerable and Outdated Components: Using known vulnerable packages.
A07 - Identification and Authentication Failures: Broken session management.
A08 - Software and Data Integrity Failures: E.g., deserialization flaws, untrusted CI/CD pipelines.
A09 - Security Logging and Monitoring Failures: Insufficient incident detection.
A10 - Server-Side Request Forgery (SSRF): Allowing attackers to force the server to make unauthorized requests.