Security Beginner

What is OWASP Top 10?

A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.

The OWASP Top 10 is the industry standard for web security awareness. The current list includes Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable Components, Authentication Failures, Data Integrity Failures, Logging Failures, and SSRF.

Organizations use it as a baseline for security testing and compliance. OWASP also provides testing guides, tools (ZAP), and cheat sheets for secure development practices.

Related Terms

Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
Security Headers
HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.
CSRF (Cross-Site Request Forgery)
An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.
XSS (Cross-Site Scripting)
An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.