whatisgithub

What is top10?

owasp/top10 — explained in plain English

Analysis updated 2026-06-26

5,636HTMLAudience · developerComplexity · 1/5Setup · easy

In one sentence

The OWASP Top 10 is the official list of the ten most critical web application security risks, published by the nonprofit OWASP and used worldwide as a baseline reference by developers, auditors, and organizations evaluating their software security.

Mindmap

mindmap
  root((OWASP Top 10))
    What it is
      Security risk list
      Web applications
      Updated periodically
    Editions
      Top 10 2025 final
      Top 10 2021 archived
      Top 10 2017 PDFs
    Audience
      Developers
      Security auditors
      PMs and founders
    How to use
      Security baseline
      Audit checklist
      Developer training
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Use the Top 10 list as a checklist when reviewing your web app's security before launch.

USE CASE 2

Reference the 2025 edition to train your team on the most critical security risks affecting modern web applications.

USE CASE 3

Compare your application against the OWASP Top 10 during a security audit to identify gaps.

What is it built with?

HTML

How does it compare?

owasp/top10madhuakula/kubernetes-goatlingdong-/shan-shui-inf
Stars5,6365,6355,631
LanguageHTMLHTMLHTML
Setup difficultyeasyhardeasy
Complexity1/54/52/5
Audiencedeveloperops devopsdesigner

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min
Documentation repository, no software license details are provided in the explanation.

So what is it?

This repository is the official home for the OWASP Top 10, a widely cited list of the ten most critical security risks affecting web applications. OWASP stands for the Open Worldwide Application Security Project, a nonprofit that produces free security guidance used by developers, auditors, and organizations around the world. The Top 10 list is updated periodically based on data collected from real-world vulnerabilities and security assessments, and many companies treat it as a baseline reference when evaluating or improving the security of their software. The current edition is the OWASP Top 10:2025, released as the final version. The 2021 edition is also available here, now marked as superseded. Older editions from 2017 are archived in PDF and PowerPoint format for historical reference. The repository holds the source files used to build the published documents. Readers who want to study the Top 10 list itself are directed to the OWASP website, not to raw files in this repository. The project is led by five co-leaders who accept feedback, comments, and reported issues through GitHub. This is a documentation repository with no code to install or run. The README is sparse and mainly provides links to the published editions and the leadership team's contact information. Anyone interested in web application security, whether a developer, a PM, or a founder, would find the published documents more useful than browsing this repository directly.

Copy-paste prompts

Prompt 1
What are the OWASP Top 10:2025 security risks and how do I check if my web app is vulnerable to each one?
Prompt 2
My team is building a new web app. Walk me through the OWASP Top 10 risks and give me one mitigation step for each.
Prompt 3
I'm doing a security review. Create a checklist based on the OWASP Top 10:2025 I can use to audit my API endpoints.
Prompt 4
Explain the difference between the OWASP Top 10:2021 and the OWASP Top 10:2025, what changed and why?

Frequently asked questions

What is top10?

The OWASP Top 10 is the official list of the ten most critical web application security risks, published by the nonprofit OWASP and used worldwide as a baseline reference by developers, auditors, and organizations evaluating their software security.

What language is top10 written in?

Mainly HTML. The stack also includes HTML.

What license does top10 use?

Documentation repository, no software license details are provided in the explanation.

How hard is top10 to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is top10 for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.