OWASP Top 10 security vulnerabilities

Discover the OWASP ranking

The Open Web Application Security Project (OWASP) is a worldwide non-profit organization that campaigns for the improvement of software security. Its aim is to inform individuals and companies about the risks related to the security of information systems. The organization functions as a community of professionals who share the same vision. Everyone is free to join the community, which today has more than 45,000 members.

OWASP offers a development guide for web applications, which contains the best practices to adopt during the development phase of a web project. Tools are also made available to Internet users so that they can audit their own sites.

OWASP ranking

14 days Free trial

No Commitment

Each year OWASP publishes a ranking that identifies the most critical security vulnerabilities. Here is the 2017 ranking:

  • Injection: corresponds to the risk of command injection (System, SQL, Shellcode, ...).
  • Broken Authentication and Session Management: corresponds to the risk of breaking or bypassing authentication and session management. Includes session theft or password recovery.
  • Cross-Site Scripting: corresponds to XSS, that is, injecting content into a page so that it causes unwanted actions on that page. XSS vulnerabilities are particularly widespread among web security vulnerabilities.
  • Broken Access Control: corresponds to security breaches affecting the rights of authenticated users. Attackers can exploit these flaws to gain access to other users' accounts.
  • Security Misconfiguration: corresponds to vulnerabilities due to poor configuration of web servers, applications, databases or frameworks.
  • Sensitive Data Exposure: corresponds to security breaches exposing sensitive data such as passwords, credit card numbers or personal data, and to the need to encrypt these data.
  • Insufficient Attack Protection: corresponds to a failure to follow good security practices.
  • Cross-Site Request Forgery (CSRF): corresponds to vulnerabilities related to the execution of requests without the knowledge of the user.
  • Using Components with Known Vulnerabilities: corresponds to vulnerabilities associated with the use of vulnerable third-party components.
  • Underprotected APIs: corresponds to the lack of security of applications using APIs (Application Programming Interfaces).

Source: owasp.org

How to detect OWASP Top 10 vulnerabilities?

Detect security flaws on your website or web application with the HTTPCS Web Vulnerability Scanner. This online security tool detects the flaws present on your site (OWASP Top 10, CVEs and other vulnerabilities implemented in the robot) to ensure the best protection of your site on a daily basis. Easily schedule automated audits, discover your vulnerabilities and find out which patches to apply to avoid being hacked.