OWASP top 10 web application vulnerabilities

Below you can find an overview of the OWASP Top 10 vulnerabilities. The tables lists all vulnerabilities which have been part of the OWASP Top 10 since its first release in 2004.
Vulnerability / Risk2014 rank2010 rank2007 rank2004 rank
Broken authentication and session management2373
Cross-site scripting (XSS)3214
Insecure direct object references4442
Security misconfiguration5610
Sensitive Data Exposure
(previously "Insecure cryptographic storage")
Missing Function Level Access Control
(previously "Failure to restrict URL access")
Cross-site request forgery (CSRF)855
Using Known Vulnerable Components9
Unvalidated redirects and forwards1010
Insufficient transport layer protection9910
Malicious file execution3
Information leakage and improper error handling67
Unvalidated input1
Buffer overflows5
Denial of service9


You might also be interested in...