OWASP Top 10

The OWASP Top 10 is a standard awareness document for web application security. It represents a broad consensus about the most critical security risks to web applications, based on data from hundreds of organizations and over 100,000 real-world applications and APIs.

The 2021 OWASP Top 10 includes:

1. A01:2021 - Broken Access Control: Restrictions on authenticated users are not properly enforced
2. A02:2021 - Cryptographic Failures: Failures related to cryptography leading to exposure of sensitive data
3. A03:2021 - Injection: SQL, NoSQL, OS, and LDAP injection vulnerabilities
4. A04:2021 - Insecure Design: Missing or ineffective security controls
5. A05:2021 - Security Misconfiguration: Missing security hardening or improperly configured permissions
6. A06:2021 - Vulnerable and Outdated Components: Using components with known vulnerabilities
7. A07:2021 - Identification and Authentication Failures: Weaknesses in authentication mechanisms
8. A08:2021 - Software and Data Integrity Failures: Code and infrastructure without integrity verification
9. A09:2021 - Security Logging and Monitoring Failures: Insufficient logging and monitoring
10. A10:2021 - Server-Side Request Forgery (SSRF): Applications fetching remote resources without validating URLs

Most WAFs include rule sets specifically designed to protect against OWASP Top 10 vulnerabilities.