Skip to the content

OWASP (The Open Web Application Security Project) is a not-for-profit worldwide charitable organisation focused on improving the security of web application software. Their mission is to make application security visible, so that people and organisations can make informed decisions about true application security risks. 

They have recently published their updated list of Top 10 Vulnerabilities that impact web applications.  The research is complied from reviewing the security risks of 116,000 applications as well as information obtained from Bug Crowd (Vulnerability Assessment & Bug Bounty Programs organisation).

OWASP rates each risk according to its

  • Attack Vectors (Application Specific & Exploitatability)
  • Security Weakness (Prevalence & Detectability) &
  • Impacts (both Technical & Business)

The OWASP Top 10 list was last updated in 2013, so quite a lot of change since then.

A web application is a very generic term, but basically its everything from your corporate website, eCommerce website, online applications, payment systems, Mobile Apps, API etc.

There are some changes to the previous 2013 list with two entries namely Insecure Direct Object References and Missing Function Level Access Control, merged together into a single category called "Broken Access Control" as well as some new entries XML External Entities XXE, Insecure Deserialization and Insufficient Logging and Monitoring.

OWASP retired Cross-Site Request Forgery (CSRF) along with Unvalidated Redirects and Forward as these are no longer widely an issue in current application development, only appearing in 5% and 8% of applications respectively. 

This is the list of the top 10 OWASP vulnerabilities. 

SQL Injection still remains the top vulnerability.

It's important to understand the relevance of these vulnerabilities and the impact it will could have on your business.


About Bug Crowd

About the author

Nigel Brown

Nigel Brown is the technical director at, with over 20 years of industry knowledge and practical experience with a particular interest in eCommerce, Web Security & Azure Cloud technology.   

The eCommerce market place is still growing and is expected to get even bigger by 2022.
How is your online business performing?

Nigel Brown

Sketrick House
16 Jubilee Road
BT23 8GN

email :
tel : +44 (0)28 9122 5780


What We Do

eCommerce Platform / Digital Marketing / Google Analytics / Corporate Website Development / Web Application Security