History of OWASP TOP 10

  • OWASP TOP 10 2021

    • A1 Broken Access Control
    • A2 Cryptographic Failures
    • A3 Injection
    • A4 Insecure Design
    • A5 Security Misconfiguration
    • A6 Vulnerable and Outdated Components
    • A7 Identification and Authentication Failures
    • A8 Software and Data Integrity Failures
    • A9 Security Logging and Monitoring Failures
    • A10 Server-Side Request Forgery
  • OWASP TOP 10 2017

    • A1 Injection
    • A2 Broken Authentication
    • A3 Sensitive Data Exposure
    • A4 XML External Entities (XXE)
    • A5 Broken Access Control
    • A6 Security Misconfiguration
    • A7 Cross-Site Scripting
    • A8 Insecure Deserialization
    • A9 Using Components with Known Vulnerabilities
    • A10 Insufficient Logging & Monitoring
  • OWASP TOP 10 2013

    • A1 Injection
    • A2 Broken Authentication and Session Management
    • A3 Cross-Site Scripting
    • A4 Insecure Direct Object References
    • A5 Security Misconfiguration
    • A6 Sensitive Data Exposure
    • A7 Missing Function Level Access Control
    • A8 Cross-Site Request Forgery
    • A9 Using Components with Known Vulnerabilities
    • A10 Unvalidated Redirects and Forwards
  • OWASP TOP 10 2010

    • A1 Injection
    • A2 Cross-Site Scripting
    • A3 Broken Authentication and Session Management
    • A4 Insecure Direct Object References
    • A5 Cross-Site Request Forgery
    • A6 Security Misconfiguration
    • A7 Insecure Cryptographic Storage
    • A8 Failure to Restrict URL Access
    • A9 Insufficient Transport Layer Protection
    • A10 Unvalidated Redirects and Forwards
  • OWASP TOP 10 2007

    • A1 Cross Site Scripting (XSS)
    • A2 Injection Flaws
    • A3 Malicious File Execution
    • A4 Insecure Direct Object Reference
    • A5 Cross Site Request Forgery (CSRF)
    • A6 Information Leakage and Improper Error Handling
    • A7 Broken Authentication and Session Management
    • A8 Insecure Cryptographic Storage
    • A9 Insecure Communications
    • A10 Failure to Restrict URL Access
  • OWASP TOP 10 2004

    • A1 Unvalidated Input
    • A2 Broken Access Control
    • A3 Broken Authentication and Session Management
    • A4 Cross Site Scripting
    • A5 Buffer Overflow
    • A6 Injection Flaws
    • A7 Improper Error Handling
    • A8 Insecure Storage
    • A9 Application Denial of Service
    • A10 Insecure Configuration Management
  • OWASP TOP 10 2003

    • A1 Unvalidated Input
    • A2 Broken Access Control
    • A3 Broken Authentication and Session Management
    • A4 Cross Site Scripting
    • A5 Buffer Overflow
    • A6 Injection Flaws
    • A7 Improper Error Handling
    • A8 Insecure Storage
    • A9 Application Denial of Service
    • A10 Insecure Configuration Management