Skip to content
Home / Function (NIST CSF 2.0) / PR - Protect / PS - Platform / AppSec

OWASP Top Ten

This document focuses on:

The OWASP Top Ten is a widely recognized list that highlights the ten most critical security risks facing web applications today. Updated every few years by security experts, the list is based on data from hundreds of thousands of real-world applications and reflects the most common and severe vulnerabilities, such as broken access control, cryptographic failures, injection flaws, insecure design, and security misconfigurations. Each entry includes descriptions, examples, and guidance on mitigation, making the OWASP Top Ten an essential resource for developers, security professionals, and organizations aiming to prioritize and improve their web application security practices.

2025 version drafting is in progress


Publication's URL

https://owasp.org/Top10/

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *