OWASP Top 10: what they really are?

Lesson#1 of 12 in topic Theory


As a great thinker said, you need to know your enemy before making moves.

It doesn't matter, either you wanna hack or defend the website, you need to know the most common types of attacks. That's when the OWASP Top 10 comes in play!     

OWASP is a community of security-related folks, dedicated their lifes to a cybersecurity. 

So you, a fool, need to respect them and give a credit for their work. 

First, you need to visit their 2025 most common web risks page and read it carefully. 

Second, you need to remember at least just a few words from the list below:

  1. Broken Access Control
  2. Security Misconfiguration
  3. Software Supply Chain Failures
  4. Cryptographic Failures
  5. Injection
  6. Insecure Design
  7. Authentication Failures
  8. Software or Data Integrity Failures
  9. Security Logging and Alerting Failures
  10. Mishandling of Exceptional Conditions

I know, that's a lot of work. We don't need to understand all of them for now.

My goal is to show you the way you can start hacking (and defending) websites. 

We're gonna start small - so, my friend, witness the simplest web attack you can imagine in the next lesson.


Next