Top Ten Vulnerabilities

The OWASP Top Ten represents a broad consensus about the most critical web application security flaws.


The OWASP Top 10 Web Application Security Risks for 2010 are:

  1. Injection
  2. Cross-Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross-Site Request Forgery (CSRF)
  6. Security Misconfiguration
  7. Insecure Cryptographic Storage
  8. Failure to Restrict URL Access
  9. Insufficient Transport Layer Protection
  10. Unvalidated Redirects and Forwards