loading
Loading content
loading
Also known as OWASP Top 10
The OWASP Top Ten ranks the web application risks that matter most, compiled by the Open Worldwide Application Security Project from contributed data and practitioner surveys. Each entry names a category rather than a single bug, for example broken access control, cryptographic failures, or injection, and the project refreshes the list every few years as the threat picture shifts.
The list earns its place as a shared baseline. Security teams use it to scope assessments, compliance frameworks reference it, and engineering teams use it as a training syllabus and a checklist before shipping. It does not claim to be exhaustive: clearing the Top Ten is a floor, not a finished security program, and a serious test goes well beyond it.
For offensive work the categories map to concrete attacks worth running first. Broken access control topped the most recent edition, injection and cross-site scripting remain perennial entries, and together they anchor any web application security review.
In a Trickest workflow you can build a graph where each node targets one Top Ten category across a list of hosts, then aggregate the findings so coverage against the baseline stays visible run over run.
Related terms