LIVE NEWSROOM · May 24, 2026
A LIBRARY FOR SECURITY RESEARCHERS

WEB APPLICATION SECURITY

OWASP Top 10.

The ten most critical web application security risks (2021), each explained with examples, prevention, mapped CWE weaknesses, and the free tools to test for it.

A01:2021 Broken Access Control
Failures that let users act outside their intended permissions — viewing, modifying, or deleting data they shouldn’t.…

A02:2021 Cryptographic Failures
Weak or missing protection of sensitive data in transit and at rest — previously called “Sensitive Data Exposure.”…

A03:2021 Injection
Untrusted input is interpreted as a command or query — SQL, OS command, LDAP injection, and cross-site scripting (XSS).…

A04:2021 Insecure Design
Flaws in the architecture and design itself — missing or ineffective security controls that no amount of clean code can…

A05:2021 Security Misconfiguration
Insecure default settings, incomplete configurations, verbose errors, and unnecessary features left enabled.…

A06:2021 Vulnerable and Outdated Components
Using libraries, frameworks, or software with known vulnerabilities or that are no longer maintained.…

A07:2021 Identification and Authentication Failures
Weaknesses in confirming user identity — weak passwords, broken session management, and missing MFA.…

A08:2021 Software and Data Integrity Failures
Code and infrastructure that fail to protect against integrity violations — unsigned updates, insecure deserialization,…

A09:2021 Security Logging and Monitoring Failures
Insufficient logging, monitoring, and alerting that lets breaches go undetected.…

A10:2021 Server-Side Request Forgery (SSRF)
Flaws that let an attacker make the server send requests to unintended destinations — including internal services and cl…