OWASP Top 10:2021

Welcome to the OWASP Top 10:2021 documentation.

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Getting Started

Start with the Introduction to learn about the OWASP Top 10:2021.

Use the navigation menu on the left to explore:

- Introduction
- Notice
- How to use the OWASP Top 10 as a standard
- How to start an AppSec program with the OWASP Top 10
- About OWASP

The Top 10:2021 List

  1. A01 Broken Access Control
  2. A02 Cryptographic Failures
  3. A03 Injection
  4. A04 Insecure Design
  5. A05 Security Misconfiguration
  6. A06 Vulnerable and Outdated Components
  7. A07 Identification and Authentication Failures
  8. A08 Software and Data Integrity Failures
  9. A09 Security Logging and Monitoring Failures
  10. A10 Server Side Request Forgery (SSRF)

Looking for the 2025 Release Candidate? Visit https://owasp.org/Top10/2025/