
OWASP Top 10 security vulnerabilities

Discover the OWASP ranking

The Open Web Application Security Project (OWASP) is a worldwide non-profit organization that campaigns for the improvement of software security. Its aim is to inform individuals as well as companies about the risks related to the security of information systems. The organization functions as a community of professionals who share the same vision. Everyone is free to join the community, which today has more than 45,000 members.

OWASP offers a development guide for web applications, which contains the best practices to adopt during the development phase of a web project. Tools are also made available to Internet users so that they can audit their own sites.

Each year OWASP publishes a ranking that identifies the most critical security vulnerabilities. Here is the 2017 ranking:


  1. Injection: corresponds to the risk of command injection (System, SQL, Shellcode, ...).
  2. Broken Authentication and Session Management: corresponds to the risk of breaking or bypassing authentication and session management. Includes session theft or password recovery.
  3. Cross-Site Scripting: corresponds to XSS, that is, injecting content into a page and causing unwanted actions on a web page. XSS vulnerabilities are particularly widespread among Web security vulnerabilities.
  4. Broken Access Control: corresponds to security flaws in the rights of authenticated users. Attackers can exploit these flaws to gain access to other users' accounts.
  5. Security Misconfiguration: corresponds to the vulnerabilities due to a poor configuration of Web servers, applications, databases or frameworks.
  6. Sensitive Data Exposure: corresponds to security flaws exposing sensitive data such as passwords, credit card numbers or personal data, and the need to encrypt these data.
  7. Insufficient Attack Protection: corresponds to a failure to follow good security practices.
  8. Cross-Site Request Forgery (CSRF): corresponds to the vulnerabilities related to the execution of requests without the knowledge of the user.
  9. Using Components with Known Vulnerabilities: corresponds to the vulnerabilities associated with the use of vulnerable third-party components.
  10. Underprotected APIs: corresponds to the lack of security of applications using APIs (Application Programming Interfaces).

Source: owasp.org

To secure your web applications proactively, you can use our HTTPCS SECURITY technology, which includes our vulnerability scanner as well as a new-generation smart detection tool. This solution is not limited to the OWASP Top 10 vulnerabilities. New CVEs are added to the system daily to ensure the integrity of your data and the protection and availability of your entire application or website. Our experts developed an advanced mapping system able to browse and analyze your whole application, including JavaScript.