Overview

The OWASP (Open Web Application Security Project) Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Common Risks (from the 2021 list)

  1. Broken Access Control: Users can access data or functions outside of their permissions.
  2. Cryptographic Failures: Sensitive data is not properly protected (formerly Sensitive Data Exposure).
  3. Injection: Untrusted data is sent to an interpreter as part of a command or query, e.g., SQL injection (SQLi).
  4. Insecure Design: Security flaws resulting from poor architectural choices.
  5. Security Misconfiguration: Improperly configured servers or applications.
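
An added example, not taken from the OWASP document, showing risks 1 and 3 from the list side by side: a lookup that concatenates user input into SQL and performs no ownership check, beside a version that uses a parameterised query scoped to the authenticated user. The invoices table, its rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the page).
ROWS = [
    (1, "alice", "alice's invoice"),
    (2, "bob", "bob's invoice"),
]


def make_db():
    """Build an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER, owner TEXT, body TEXT)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)", ROWS)
    return conn


def fetch_invoice_vulnerable(conn, invoice_id):
    """The 'before' form, kept deliberately defective to show both risks.

    Risk 3 (Injection): the caller-supplied value is spliced into the SQL
    text, so the interpreter treats it as part of the statement.
    Risk 1 (Broken Access Control): nothing ties the row to the caller,
    so any id that exists is returned.
    """
    sql = "SELECT body FROM invoices WHERE id = '" + str(invoice_id) + "'"
    return [row[0] for row in conn.execute(sql)]


def fetch_invoice_hardened(conn, invoice_id, current_user):
    """The corrected form.

    The placeholder binds the input as a value only, never as SQL, and the
    ownership predicate enforces access control in the query itself, so a
    valid id belonging to another user yields no rows.
    """
    sql = "SELECT body FROM invoices WHERE id = ? AND owner = ?"
    return [row[0] for row in conn.execute(sql, (invoice_id, current_user))]
```

Run the two functions against the same crafted input and the same foreign id to see the vulnerable one return every row and the hardened one return nothing.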

Importance

Organizations should adopt this document and start the process of ensuring that their web applications minimize these risks.