Skip to content
OWASP TOP 10 2021
- A1 Broken Access Control
- A2 Cryptographic Failures
- A3 Injection
- A4 Insecure Design
- A5 Security Misconfiguration
- A6 Vulnerable and Outdated Components
- A7 Identification and Authentication Failures
- A8 Software and Data Integrity Failures
- A9 Security Logging and Monitoring Failures
- A10 Server-Side Request Forgery
OWASP TOP 10 2017
- A1 Injection
- A2 Broken Authentication
- A3 Sensitive Data Exposure
- A4 XML External Entities (XXE)
- A5 Broken Access Control
- A6 Security Misconfiguration
- A7 Cross-Site Scripting
- A8 Insecure Deserialization
- A9 Using Components with Known Vulnerabilities
- A10 Insufficient Logging & Monitoring
OWASP TOP 10 2013
- A1 Injection
- A2 Broken Authentication and Session Management
- A3 Cross-Site Scripting
- A4 Insecure Direct Object References
- A5 Security Misconfiguration
- A6 Sensitive Data Exposure
- A7 Missing Function Level Access Control
- A8 Cross-Site Request Forgery
- A9 Using Components with Known Vulnerabilities
- A10 Unvalidated Redirects and Forwards
OWASP TOP 10 2010
- A1 Injection
- A2 Cross-Site Scripting
- A3 Broken Authentication and Session Management
- A4 Insecure Direct Object References
- A5 Cross-Site Request Forgery
- A6 Security Misconfiguration
- A7 Insecure Cryptographic Storage
- A8 Failure to Restrict URL Access
- A9 Insufficient Transport Layer Protection
- A10 Unvalidated Redirects and Forwards
OWASP TOP 10 2007
- A1 Cross Site Scripting (XSS)
- A2 Injection Flaws
- A3 Malicious File Execution
- A4 Insecure Direct Object Reference
- A5 Cross Site Request Forgery (CSRF)
- A6 Information Leakage and Improper Error Handling
- A7 Broken Authentication and Session Management
- A8 Insecure Cryptographic Storage
- A9 Insecure Communications
- A10 Failure to Restrict URL Access
OWASP TOP 10 2004
- A1 Unvalidated Input
- A2 Broken Access Control
- A3 Broken Authentication and Session Management
- A4 Cross Site Scripting
- A5 Buffer Overflow
- A6 Injection Flaws
- A7 Improper Error Handling
- A8 Insecure Storage
- A9 Application Denial of Service
- A10 Insecure Configuration Management
OWASP TOP 10 2003
- A1 Unvalidated Input
- A2 Broken Access Control
- A3 Broken Authentication and Session Management
- A4 Cross Site Scripting
- A5 Buffer Overflow
- A6 Injection Flaws
- A7 Improper Error Handling
- A8 Insecure Storage
- A9 Application Denial of Service
- A10 Insecure Configuration Management