
OWASP Top Ten Web Application Security Risks
Nov 6, 2025 · The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web …
Attacks - OWASP Foundation
Attacks are often confused with vulnerabilities - the attacks listed here describe something that an attacker would do (their actions), rather than a weakness in an application (something like a fault that …
Cross Site Request Forgery (CSRF) - OWASP Foundation
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
Cross Site Scripting (XSS) - OWASP Foundation
When victims click the link, they unwittingly reflect the malicious content through the vulnerable web application back to their own computers. This mechanism of exploiting vulnerable web applications is …
Server-Side Includes (SSI) Injection | OWASP Foundation
The Server-Side Includes attack allows the exploitation of a web application by injecting scripts in HTML pages or executing arbitrary code remotely. It can be exploited through manipulation of SSI in use …
OWASP Attack Surface Management Top 10
The OWASP Web Security Top 10 primarily focuses on vulnerabilities within applications (e.g., SQL Injection, XSS, Broken Access Control). The OWASP API Security Top 10 tackles risks related to …
SQL Injection - OWASP Foundation
SQL Injection is very common with PHP and ASP applications due to the prevalence of older functional interfaces. Due to the nature of programmatic interfaces available, J2EE and ASP.NET applications …
OWASP Automated Threats to Web Applications
Web applications are subjected to unwanted automated usage – day in, day out. Often these events relate to misuse of inherent valid functionality, rather than the attempted exploitation of unmitigated …
OWASP Top 10 Client-Side Security Risks - OWASP Foundation
Mobile apps are frequently the client-side of a web app, where the server-side of the web app provides REST services to the mobile app. This project will focus on identifying and organizing a prioritized set …
OWASP Web Hacking Incident Database
The goal is to list only incidents that are related to web application layer compromises by threat actors. The goal is to show that application layer security is a risk that cannot be ignored regardless of the …