Application Security
OWASP Top 10 Reference
Search OWASP Top 10 2021 categories by name, attack type, or vulnerability class. Each category includes attack examples, root causes, and prevention mitigations.
No data is transmitted: everything runs locally
About this tool
The OWASP Top 10 Reference is a searchable index of the 2021 OWASP Top 10 with attack examples, root causes, and mitigations for each category.
• Look up the OWASP category for an IDOR vulnerability before writing a finding
• Find which OWASP Top 10 category covers security misconfiguration
• Reference OWASP A03 injection examples for a code review checklist
• Check which OWASP category applies to a missing authorization check
FAQ
What does this tool tell you?
The OWASP Top 10 Reference is a searchable index of the 2021 OWASP Top 10 with attack examples, root causes, and mitigations for each category.
What affects the result most?
A01:2021 Broken Access Control: IDOR, privilege escalation, missing authorization checks. A02:2021 Cryptographic Failures: cleartext data, weak ciphers, improper key management. A03:2021 Injection: SQL, LDAP, OS command, XPath injection; parameterized queries prevent SQL injection.
How should I use the result?
Use this tool to orient quickly to the concepts, field names, or values you are about to look up in a full specification or vendor documentation. It summarizes the common cases; the authoritative source remains whichever standard or vendor doc defines the values themselves.