LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What is the OWASP Top 10 and what is it used for?

An awareness document ranking the ten most critical web-application security risks, refreshed every few years from real-world breach data — used as a teaching tool and a baseline checklist, not a complete security standard.

A central OWASP Top 10 2021 hub with ten spokes A01 Broken Access Control through A10 SSRF.

* The ten OWASP Top 10 2021 risk categories — a ranked awareness list of the most critical web risks. *

It's deliberately a "top 10," not "everything": by focusing teams on the risks that actually cause the most damage in the wild, it gives developers and managers a shared, prioritized starting point. Each entry pairs a vulnerability class with prevention guidance.

Uses:

  • Education — onboarding developers to the most common ways apps get hacked.
  • Checklist — a minimum bar to review against during development and threat modeling.
  • Common language — when a report says "this is an A01," everyone knows what that means.

Important caveat: it's awareness-level, not exhaustive. Passing "no Top 10 issues" does not mean an app is secure; deeper standards like the OWASP ASVS exist for thorough verification.

Updated periodically (2017 → 2021 → 2025) based on real-world data and industry surveys.

From Quiz: SPRG / OWASP Top 10 | Updated: Jun 20, 2026