OWASP
owasp.org › www-project-top-ten
OWASP Top Ten Web Application Security Risks | OWASP Foundation
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.
HOME
OWASP Foundation, the Open Source Foundation for Application Security on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
ABOUT
About the OWASP Foundation on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
PROJECTS
The OWASP Top 10 is the reference standard for the most critical web application security risks.
CHAPTERS
OWASP Local Chapters on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
OWASP Foundation
owasp.org › Top10 › 2025 › en
OWASP Top 10:2025
Redirecting to OWASP Top 10:2025...
Videos
04:56
OWASP Top 10: Essential Web Application Security Risks to Know ...
Agent security at scale: Protect against the OWASP Top 10 ...
10:15
OWASP top 10 Explained - YouTube
Security Testing 101 | Understanding OWASP Top 10 for ...
24:36
OWASP Top 10 2025: Your complete guide to securing your applications ...
OWASP Foundation
owasp.org › Top10 › 2025 › 0x00_2025-Introduction
Introduction - OWASP Top 10:2025
In this edition of the Top Ten 2025, there are 248 CWEs within the 10 categories. There are a total of 968 CWEs in the downloadable dictionary from MITRE at the time of this release. Similar to what we did for the 2021 edition, we leveraged CVE data for Exploitability and (Technical) Impact. We downloaded OWASP ...
GitHub
github.com › owasp › top10
GitHub - OWASP/Top10: Official OWASP Top 10 Document Repository · GitHub
Official OWASP Top 10 Document Repository. Contribute to OWASP/Top10 development by creating an account on GitHub.
Starred by 5.9K users
Forked by 1.1K users
Languages HTML 93.9% | Shell 2.9% | Python 1.8%
Black Duck
blackduck.com › glossary › what-is-owasp-top-10.html
What Is the OWASP Top 10 and How Does It Work? | Black Duck
October 2, 2025 - The OWASP Top 10 provides rankings of—and remediation guidance for—the top 10 most critical web application security risks. Leveraging the extensive knowledge and experience of the OWASP’s open community contributors, the report is based ...
OWASP Foundation
owasp.org › Top10 › 2021
OWASP Top 10:2021
The OWASP Top 10 is a standard awareness document for developers and web application security.
OWASP
owasp.org › www-project-top-10-for-large-language-model-applications
OWASP Top 10 for Large Language Model Applications | OWASP Foundation
The OWASP Top 10 for Large Language Model Applications continues to be a core component of our work, identifying the most critical security vulnerabilities in LLM applications.
OWASP
owasp.org › www-project-mobile-top-10
OWASP Mobile Top 10 | OWASP Foundation
Based on the analysis, prioritization, and validation, we create the final OWASP Top 10 list. The list includes the most impactful and prevalent mobile application security vulnerabilities, along with information on how to detect and mitigate them.
Barracuda Networks
barracuda.com › home › glossary › owasp top 10 list
What is the OWASP Top 10 List? | Barracuda Networks
January 28, 2026 - The current Top 10 list as of 2017 include the following website vulnerabilities: A1. Injection · A2. Broken Authentication · A3. Sensitive Data Exposure · A4. XML External Entities (XXE) A5. Broken Access Control · A6. Security Misconfiguration · A7. Cross-Site Scripting (XSS) A8. Insecure Deserialization · A9. Using Components with Known Vulnerabilities · A10. Insufficient Logging and Monitoring · It is important to understand that the OWASP Top 10 is not an exhaustive list of all current vulnerabilities.
Checkmarx
checkmarx.com › learn › owasp › owasp-top-10
OWASP Top 10 Vulnerabilities
April 10, 2026 - SQL Injections are at the head of the OWASP Top 10, and occur when a database or other areas of the web app where inputs aren’t properly sanitized, allowing malicious or untrusted data into the system to cause harm. SQL injection attacks are simply when data is sent to any form of code interpreter that can be run as a command or in the case of a database – a query.
Google Groups
groups.google.com › g › zaproxy-develop › c › B9cTKIPS65E
OWASP TOP 10 - Active Scanner rules (and coverage in general)
But I was also thinking that, as the OWASP Top 10 basically lists the most critical risks in Web Application, and ZAP is running against WA, then it might be reasonable to suggest that the OWASP Top 10 vulnerabilties are covered as extensively as possible.
OWASP
owasp.org › www-project-top-10-ci-cd-security-risks
OWASP Top 10 CI/CD Security Risks | OWASP Foundation
Presented below are the top 10 CI/CD security risks.
OWASP
owasptopten.org
The OWASP Top Ten 2025
We asked ourselves whether we wanted to go with a single CWE for each "category" in the OWASP Top 10. Based on the contributed data, this is what it could have looked something like: 1. Reachable Assertion 2. Divide by Zero 3. Insufficient Transport Layer Encryption 4.
Snyk Learn
learn.snyk.io › learning-paths › owasp-top-10
OWASP Top 10 | Snyk Learn
January 13, 2026 - OWASP stands for Open Worldwide Application Security Project. This non-profit foundation works to improve software security. They have published a Top 10 list for 2025 that acts as an awareness document for developers.