Below you can find an overview of the OWASP Top 10 vulnerabilities. The tables lists all vulnerabilities which have been part of the OWASP Top 10 since its first release in 2004.
| Vulnerability / Risk | 2010 rank | 2007 rank | 2004 rank |
|---|
| Injection | 1 | 2 | 6 |
| Cross-site scripting (XSS) | 2 | 1 | 4 |
| Broken authentication and session management | 3 | 7 | 3 |
| Insecure direct object references | 4 | 4 | 2 |
| Cross-site request forgery (CSRF) | 5 | 5 | |
| Security misconfiguration | 6 | | 10 |
| Insecure cryptographic storage | 7 | 8 | 8 |
| Failure to restrict URL access | 8 | 10 | 2 |
| Insufficient transport layer protection | 9 | 9 | 10 |
| Unvalidated redirects and forwards | 10 | | |
| Malicious file execution | | 3 | |
| Information leakage and improper error handling | | 6 | 7 |
| Unvalidated input | | | 1 |
| Buffer overflows | | | 5 |
| Denial of service | | | 9 |
