OWASP (Open Web Application Security) is a charity and non-profit organization. It is a global community dedicated to promoting knowledge to improve web application security. Its mission is to share information and free ways to train and make the right decisions about securing applications for individuals, professionals, universities and government agencies.

OWASP is known for publishing various documents, including the OWASP top 10, of which I will give you a brief description. This is a document that OWASP published the last two times in 2013 and 2017. It includes a list of the top 10 application security risks faced by developers and organizations, with the goal of helping developers and security teams better secure the applications they build and deploy, as well as techniques and best practices for avoiding and fixing vulnerabilities. Most security audits and specialized tools are based on this Top 10.

Here is the 2017 list of the top 10 most common vulnerabilities:

1   Injections
2   Broken Authentication
3   Sensitive Data Exposure
 XML External Entities (XXE)
5   Broken Access Control
6   Security Misconfiguration
7   Cross-Site Scripting (XSS)
8   Insecure Deserialization
9   Using Components with Known Vulnerabilities
10 Insufficient Logging & Monitoring

I provide you with the official link of the OWASP document that you can go through and analyze as you wish. It contains this list, with very detailed explanations, scenarios, as well as countermeasures to apply to secure your web applications. It also contains some links that I invite you to consult.

However, you should know that these are only the 10 main risks for web applications, and that there are many other more or less advanced ones. Don’t hesitate to get information and to consult official websites, books, links, etc. to learn more.

Here is the official document of the OWASP top 10 of 2017 in the original and complete version: https://owasp.org/www-pdf-archive/OWASP_Top_10_2017_RC2_Final.pdf