Glossary

OWASP Top 10

A list of the most critical web application security risks, published by the Open Web Application Security Project.

The OWASP Top 10 is a regularly updated consensus document published by the Open Web Application Security Project that identifies the ten most critical security risks facing web applications. The list serves as an awareness document and a starting point for organisations to address the most common and impactful web application vulnerabilities, including injection flaws, broken authentication, sensitive data exposure, and security misconfigurations.

The OWASP Top 10 is widely referenced in compliance frameworks, procurement requirements, and secure development standards. Many organisations mandate that their development teams address all OWASP Top 10 categories during the software development lifecycle, and penetration testers use it as a baseline for their assessments. Regular training on OWASP risks is considered essential for any secure development programme.
