Security Beginner

What is OWASP Top 10?

A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.

The OWASP Top 10 is the industry standard for web security awareness. The current list includes Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable Components, Authentication Failures, Data Integrity Failures, Logging Failures, and Server-Side Request Forgery (SSRF).

Organizations use it as a baseline for security testing and compliance. OWASP also provides testing guides, tools (ZAP), and cheat sheets for secure development practices.

Related Terms

Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.
Certificate Pinning
A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.