🌐
OWASP
owasp.org › www-project-top-ten
OWASP Top Ten Web Application Security Risks | OWASP Foundation
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.
HOME
OWASP Foundation, the Open Source Foundation for Application Security on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
ABOUT
About the OWASP Foundation on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
PROJECTS
OWASP Security Shepherd is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skillset to security expert status. ... The OWASP Top 10 ...
CHAPTERS
OWASP Local Chapters on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Discussions

OWASP 2025 Top 10 for Web Released - What are your thoughts?
Really like how the new OWASP Top 10 reflects today’s realities. The additions around Software Supply Chain Failures and Mishandling of Exceptional Conditions feel right on target. It’s a solid evolution that shows how far the conversation has come beyond just “classic web vulns.” Seeing supply chain risk get that spotlight hits, especially with frameworks like OWASP SPVS are already helping teams get ahead of exactly that. More on reddit.com
🌐 r/cybersecurity
8
82
November 9, 2025
Client asking for OWASP Top 10 Report
If you track your top vulnerabilities, create a Pareto chart mapped into the CWE definitions. More on reddit.com
🌐 r/cybersecurity
8
4
September 6, 2024
Interview question: Do you know what the OWASP top 10 are?
To be blunt, OWASP Top 10 is pretty basic stuff. If you didn't know what that was and you then made an excuse for it I wouldn't hire you either. That is not something just "programmers" should know. but should I know more for the next interview? Yes. Is that enough? Not by a long shot. More on reddit.com
🌐 r/AskNetsec
101
43
October 4, 2018
Top 10 OWASP learning
Portswigger is very good. They go a bit deeper than what you'd need for OSCP but it's a great resource to sharpen your web testing skills. https://portswigger.net/web-security But I think the tryhackme web fundamentals path should cover most of what you need too. More on reddit.com
🌐 r/oscp
7
17
February 21, 2023
🌐
OWASP Foundation
owasp.org › Top10 › 2025 › 0x00_2025-Introduction
Introduction - OWASP Top 10:2025
In this edition of the Top Ten 2025, there are 248 CWEs within the 10 categories. There are a total of 968 CWEs in the downloadable dictionary from MITRE at the time of this release. Similar to what we did for the 2021 edition, we leveraged CVE data for Exploitability and (Technical) Impact. We downloaded OWASP ...
🌐
Oligo Security
oligo.security › academy › breaking-down-owasp-top-10-for-web-apps-mobile-api-k8s-and-llms
Breaking Down OWASP Top 10 for Web Apps, Mobile, API, K8s & LLMs
OWASP has developed several specialized Top 10 lists to address security concerns in specific domains: OWASP Web Application Top 10: Identifies the most critical security risks affecting web applications.
🌐
Kontra
application.security › free › owasp-top-10
OWASP Top 10 for Web - Kontra Application Security
Please note: These free exercises are intended for business users; access requires a business email. KONTRA's developer security training of OWASP Top 10 is inspired by real-world vulnerabilities and case studies, we have created a series of interactive application security training modules ...
🌐
OWASP
owasptopten.org
The OWASP Top Ten 2025
It represents a broad consensus about the most critical security risks to web applications. It was started in 2003 to help organizations and developer with a starting point for secure development. Over the years it's grown into a pseudo standard that is used as a baseline for compliance, education, ...
🌐
Barracuda Networks
barracuda.com › home › glossary › owasp top 10 list
What is the OWASP Top 10 List? | Barracuda Networks
January 28, 2026 - The current Top 10 list as of 2017 include the following website vulnerabilities: A1. Injection · A2. Broken Authentication · A3. Sensitive Data Exposure · A4. XML External Entities (XXE) A5. Broken Access Control · A6. Security Misconfiguration · A7. Cross-Site Scripting (XSS) A8. Insecure Deserialization · A9. Using Components with Known Vulnerabilities · A10. Insufficient Logging and Monitoring · It is important to understand that the OWASP Top 10 is not an exhaustive list of all current vulnerabilities.
Find elsewhere
🌐
Black Duck
blackduck.com › glossary › what-is-owasp-top-10.html
What Is the OWASP Top 10 and How Does It Work? | Black Duck
October 2, 2025 - For everything from online tools ... through its website. The OWASP Top 10 provides rankings of—and remediation guidance for—the top 10 most critical web application security risks....
🌐
HackerOne
hackerone.com › knowledge-center › owasp-top-10-web-app-security-risks
OWASP Top 10 Web App Security Risks | HackerOne
This category was added to the OWASP Top 10 list in 2021 because it was the top vulnerability voted in the OWASP Top 10 Community Survey. An SSRF vulnerability allows an attacker to access data on a remote resource based on an unauthenticated, custom URL.
🌐
Cloudflare
cloudflare.com › learning › security › threats › owasp-top-10
What is OWASP? What Are The OWASP Top 10?
An attacker might, for example, send a request for www.example.com/super-secret-data/, even though web users are not supposed to be able to navigate to that location, and get access to super secret data from the server's response. There are a number of possible mitigations for SSRF attacks, and one of the most important is to validate all URLs coming from clients. Invalid URLs should not result in a direct, raw response from the server. For a more technical and in-depth look at the OWASP Top 10, see the official report.
🌐
Splunk
splunk.com › en_us › blog › learn › owasp-top-10.html
The OWASP Top 10 Explained: Today’s Top Risks in Web Apps and LLMs | Splunk
It outlines the most pressing security vulnerabilities in web applications, serving as a critical guide for organizations to identify and manage potential risks. Understanding and adhering to OWASP Top 10 is not only good cyber practice but ...
🌐
Contrast Security
contrastsecurity.com › glossary › owasp-top-10
What is OWASP Top 10? | What is OWASP?
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization focused on improving the security of software. The OWASP Top Ten is a listing of the top ten risk categories for web applications security.
🌐
Cequence Security
cequence.ai › home › owasp top 10 lists: starting point for web & api security
OWASP Top 10 Lists: Starting Point for Web & API Security
April 9, 2024 - The oldest of the OWASP Top 10 lists is the Web Application Security Top 10 and it is designed to address the 10 most critical web application security concerns. Much of this list focusses on protecting the types of applications that interact with via a web browser.
🌐
OWASP Foundation
owasp.org › Top10 › 2021
OWASP Top 10:2021
It represents a broad consensus about the most critical security risks to web applications. Start with the Introduction to learn about the OWASP Top 10:2021.
🌐
Orca Security
orca.security › home › owasp top 10 list
OWASP Top 10: Web App Security Guide | Orca Security
September 19, 2025 - The OWASP Top 10 List is a regularly updated document that identifies the ten most critical web application security risks, based on data collected from security organizations and practitioners worldwide. Published by the Open Web Application Security Project (OWASP), this resource serves as a foundational reference for developers, security teams, and enterprises working to secure web applications.
🌐
F5
f5.com › glossary › owasp
What is OWASP? Intro to OWASP Top 10 Vulnerabilities and Risks | F5
OWASP maintains a list of the ten most critical web application security risks, along with effective processes, procedures, and controls to mitigate them. OWASP also provides a list of the Top 10 API Security Risks to educate those involved in API development and maintenance and increase awareness of common API security weaknesses.
🌐
Aikido
aikido.dev › home › articles › what is owasp top 10?
OWASP Top 10: Easy Guide of the Top Security Risks
January 7, 2026 - Their Top 10 is a widely recognized report that outlines the 10 most critical web application security risks. It’s essentially a checklist of the most common weaknesses that could make your application a target for cyber threats. The OWASP Top 10 is all about risk management...
🌐
Veracode
veracode.com › home › owasp top 10 vulnerabilities
What Are the OWASP Top 10 Vulnerabilities? | Veracode
December 18, 2025 - Q: What is the most common vulnerability today? A: As of the latest update, Broken Access Control (A01) is the most prevalent and severe risk in web applications, now ranked first on the list.