The OWASP Top Ten list is a list of the top 10 web application security vulnerabilities compiled and published by the Open Web Application Security Project (OWASP), a non-profit organization focused on improving web application security.
Malicious SQL code in database queries via web forms or other compositions
- SECURITY MISCONFIGURATIONS
Incorrectly configured application security such as file and directory permissions, misconfigured HTTP headers, etc.
incorrect authentication implementations
A web application allows attackers to inject malicious scripts into web pages viewed by other users.
- EXPOSURE OF SENSITIVE DATA
incorrect or deficient application security configuration
- INCORRECT DESERIALIZATION
A web application deserializes untrusted data without proper validation.
An application processes XML untrusted without proper validation
- INADEQUATE ENVIRONMENT CONTROL
Use of components that have known vulnerabilities or have not been properly updated or patched
- INADEQUATE ACCESS CONTROL
Lack of adequate access restrictions.
- REDIRECTION AND OPEN FORWARDING
An application allows attackers to redirect users to malicious sites or perform unauthorized actions.
