← Dashboard

OWASP Top 10 Learning

Master the most critical web application security risks

Your Progress

9 of 42 lessons completed

21%
A01

Broken Access Control

Moving up from fifth position, 94% of applications were tested for some form of broken access control.

5 lessons
A02
60%

Cryptographic Failures

Previously known as Sensitive Data Exposure, focuses on failures related to cryptography.

4 lessons
A03
40%

Injection

94% of applications tested for injection, including SQL, NoSQL, OS, and LDAP injection.

6 lessons
A04

Insecure Design

A new category focusing on risks related to design and architectural flaws.

4 lessons
A05

Security Misconfiguration

90% of applications were tested for some form of misconfiguration.

5 lessons
A06

Vulnerable Components

Using components with known vulnerabilities is a common and dangerous practice.

3 lessons
A07

Auth Failures

Confirmation of identity, authentication, and session management vulnerabilities.

5 lessons
A08

Data Integrity Failures

New category focusing on software and data integrity failures.

4 lessons
A09

Logging Failures

Without proper logging and monitoring, breaches cannot be detected.

3 lessons
A10

SSRF

Server-Side Request Forgery flaws occur when fetching remote resources.

3 lessons