Index · TL;DR
1 min readTL;DR
The OWASP Top 10 is a consensus-driven, periodically updated awareness document that ranks the most critical web application security risks by a blend of incidence data, exploitability, detectability, and business impact. The 2021 edition is the current canonical list: it promoted Broken Access Control to #1 (the most commonly found serious flaw), introduced three new categories shaped by modern architecture and supply-chain reality — Insecure Design (A04), Software and Data Integrity Failures (A08), and Server-Side Request Forgery / SSRF (A10) — and renamed several categories to describe root causes (e.g. "Cryptographic Failures" instead of "Sensitive Data Exposure") rather than symptoms. It is not a compliance checklist or a complete standard; it is a prioritization starting point that pairs well with the OWASP ASVS for verification and the Proactive Controls for building. Treat it as the shared vocabulary every security-aware engineer is expected to know.