Under active development — Content is continuously updated and improved

Home / Risk Lists / OWASP Top 10

OWASP Top 10 v2025

The OWASP Top 10 is a standard awareness document for web application security risks

This is a reference tool, not an authoritative source. For official documentation, visit owasp.org.

10 risks

Access Control — Risks related to access control

A01Broken Access Control

Authentication — Risks related to authentication

A07Authentication Failures

Configuration — Risks related to configuration

A02Security Misconfiguration

Cryptography — Risks related to cryptography

A04Cryptographic Failures

Design — Risks related to design

A06Insecure Design

Error Handling — Risks related to error handling

A10Mishandling of Exceptional Conditions

Input Validation — Risks related to input validation

Integrity — Risks related to integrity

A08Software or Data Integrity Failures

Logging & Monitoring — Risks related to logging & monitoring

A09Security Logging and Alerting Failures

Supply Chain — Risks related to supply chain

A03Software Supply Chain Failures