Below you can find an overview of the OWASP Top 10 vulnerabilities. The tables lists all vulnerabilities which have been part of the OWASP Top 10 since its first release in 2004.
| Vulnerability / Risk | 2014 rank | 2010 rank | 2007 rank | 2004 rank |
|---|---|---|---|---|
| Injection | 1 | 1 | 2 | 6 |
| Broken authentication and session management | 2 | 3 | 7 | 3 |
| Cross-site scripting (XSS) | 3 | 2 | 1 | 4 |
| Insecure direct object references | 4 | 4 | 4 | 2 |
| Security misconfiguration | 5 | 6 | 10 | |
| Sensitive Data Exposure (previously "Insecure cryptographic storage") | 6 | 7 | 8 | 8 |
| Missing Function Level Access Control (previously "Failure to restrict URL access") | 7 | 8 | 10 | 2 |
| Cross-site request forgery (CSRF) | 8 | 5 | 5 | |
| Using Known Vulnerable Components | 9 | |||
| Unvalidated redirects and forwards | 10 | 10 | ||
| Insufficient transport layer protection | 9 | 9 | 10 | |
| Malicious file execution | 3 | |||
| Information leakage and improper error handling | 6 | 7 | ||
| Unvalidated input | 1 | |||
| Buffer overflows | 5 | |||
| Denial of service | 9 |