Open Web Application Security Project https://owasp.org/www-project-top-ten/

  • OWASP Top 10
    • Identifies the 10 most critical web application security risks
    • Widely used in many compliance and regulatory security standards
  • If you are interested in web application development, learning to protect against the Top 10 is an important skill

A1 - Injection
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting
A4 - Insecure Direct Object References
A5 - Security Misconfiguration
A6 - Sensitive Data Exposure
A7 - Missing Function Level Access Control
A8 - Cross-Site Request Forgery
A9 - Using Known Vulnerable Components
A10 - Unvalidated Redirects


A4 and A7 in 2013 became A5 in 2017. This is because both A4 (Insecure Direct Object References) and A7 (Missing Function Level Access Control) relate back to Broken Access Control.