The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas – and also provides guidance on where to go from here. Injection Cross Site Scripting (XSS) Cross Site Request Forgery (CSRF) Exposure of Sensitive Data Security Misconfiguration Using Components with Known Vulnerabilities Unvalidated Redirects and Forwards Broken Authentication and Session Management Insecure Direct Object References Missing Function Level Access Control 1) Injection Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. 2) Cross Site Scripting (XSS) XS