A01: Broken Access Control

Access Control - Users acting outside of their intended permissions.

Injection - SQL, NoSQL, OS, and LDAP injection.

Developer Reference

OWASP Top 10 (2025)

Q: A02: Cryptographic Failures

Crypto - Failures related to cryptography (formerly Sensitive Data Exposure).

The most critical security risks to web applications.

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Risk

Users acting outside of their intended permissions.

Access Control

Failures related to cryptography (formerly Sensitive Data Exposure).

Crypto

SQL, NoSQL, OS, and LDAP injection.

Injection

From Injection to Broken Access Control, keeping this list in mind during development is your first line of defense against hackers.

OWASP Top 10 (2025)

Risk

Other References