OWASP top 10

The Open Web Application Security Project (OWASP) is a non-profit organization that was founded in 2001 and runs several different projects that promote security in applications. The organization has a presence all over the world and has over 30,000 members.


One of OWASP's significant projects is OWASP top 10. This list was published for the first time in 2003 and is updated regularly. The latest version was released in 2018 and is called OWASP top 10 version 2017. The goal of the list is to raise awareness of application security by highlighting some of the most critical risks in web applications that organizations face.

According to the top 10 list, organizations ensure good security by scanning web applications such as websites, intranets, extranets, portals, and other web-based services for vulnerabilities.


Create reports that demonstrate compliance with OWASP top 10 version 2017.

Secure web applications

Make sure no vulnerabilities exist in your web applications with our service Web Application Scanning. 


With our support, we will help you understand all of your vulnerability exposures.

OWASP top 10 categories

A1: Injection

Injection attacks happen when untrusted data is sent to a code interpreter through a form input or some other data submission to a web application.

A2: Broken Authentication

Vulnerabilities in authentication systems can give attackers access to accounts and even the ability to compromise an entire system using an admin account.

A3: Sensitive Data Exposure

Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data.

A4: XML External Entities (XXE)

An XML parser can be duped into sending data to an unauthorized external entity, which can pass sensitive data directly to an attacker.

A5: Broken Access Control

Broken access controls allow attackers to bypass authorization and perform tasks as though they were privileged users such as administrators.

A6: Security Misconfiguration

On this list, security misconfiguration is the most common vulnerability. It is often the result of using default configurations or displaying verbose errors.

A7: Cross-Site Scripting (XSS)

Cross-site scripting vulnerabilities occur when web applications allow users to add custom code into a URL path or onto a website that will be seen by other users.

A8: Insecure Deserialization

Insecure deserialization exploits result from deserializing data from untrusted sources and can have serious consequences such as DDoS attacks and remote code execution attacks.

A9: Using Components with Known Vulnerabilities

Attackers can find security holes in components that could leave hundreds of thousands of sites vulnerable to exploitation.

A10: Insufficient Logging and Monitoring

Many web applications are not taking enough steps to detect data breaches. OWASP recommends implementing logging and monitoring of applications.