OWASP Top 10: The Usual Suspects
An overview of the most critical web application security risks.
OWASP Top 10: A Rogue's Gallery of Web Risks
The OWASP (Open Web Application Security Project) Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
While the specific list evolves, common themes include:
- Injection Flaws (e.g., SQLi, NoSQLi, OS Command Injection)
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
Understanding these risks is the first step to defending against them. We'll dive deeper into many of these throughout this module.