OWASP Top 10
A list of the most critical web application security risks, maintained by the Open Web Application Security Project.
In detail
The OWASP Top 10 is the most-cited security checklist for web applications, updated every few years based on data from real breaches. The current version (OWASP Top 10:2021) leads with broken access control, cryptographic failures, injection, insecure design, security misconfiguration, and so on. It is the baseline that any web app, including AI-built ones, should be assessed against. OWASP also publishes a parallel Top 10 for LLM Applications covering AI-specific risks.
Why it matters for Australian business
Every Australian business shipping a web app should know its app's exposure against each OWASP category. Most vibe-coded apps fail multiple categories on day one because AI generators do not optimise for them. We use the OWASP Top 10 as the canonical reference for our security audits.