OWASP Top 10

Status: draft · Confidence: medium (0.655) · Basis: verified_sources

Quality notes: generic_source_homepage, no_verified_sources, partial_source_verification

## TL;DR

The OWASP Top 10 is the de facto standard for web application security awareness, listing the ten most critical security risks. Updated periodically (last: 2021), it guides security testing, code review, and developer education worldwide. The 2021 edition shifted from vulnerability categories to risk-based categories.

## Core Explanation

The 2021 Top 10:

- A01 Broken Access Control
- A02 Cryptographic Failures
- A03 Injection
- A04 Insecure Design
- A05 Security Misconfiguration
- A06 Vulnerable Components
- A07 Auth Failures
- A08 Software Integrity Failures
- A09 Logging/Monitoring Failures
- A10 SSRF

This list represents a broad consensus about critical risks, and every web developer should be familiar with it.

## Related Articles

- [OWASP API Security Top 10](../owasp-api-security-top-10.md)