Use the Top 10 list as a checklist when reviewing your web app's security before launch.
Reference the 2025 edition to train your team on the most critical security risks affecting modern web applications.
Compare your application against the OWASP Top 10 during a security audit to identify gaps.
| owasp/top10 | madhuakula/kubernetes-goat | lingdong-/shan-shui-inf | |
|---|---|---|---|
| Stars | 5,636 | 5,635 | 5,631 |
| Language | HTML | HTML | HTML |
| Setup difficulty | easy | hard | easy |
| Complexity | 1/5 | 4/5 | 2/5 |
| Audience | developer | ops devops | designer |
Figures from each repo's GitHub metadata at analysis time.
This repository is the official home for the OWASP Top 10, a widely cited list of the ten most critical security risks affecting web applications. OWASP stands for the Open Worldwide Application Security Project, a nonprofit that produces free security guidance used by developers, auditors, and organizations around the world. The Top 10 list is updated periodically based on data collected from real-world vulnerabilities and security assessments, and many companies treat it as a baseline reference when evaluating or improving the security of their software. The current edition is the OWASP Top 10:2025, released as the final version. The 2021 edition is also available here, now marked as superseded. Older editions from 2017 are archived in PDF and PowerPoint format for historical reference. The repository holds the source files used to build the published documents. Readers who want to study the Top 10 list itself are directed to the OWASP website, not to raw files in this repository. The project is led by five co-leaders who accept feedback, comments, and reported issues through GitHub. This is a documentation repository with no code to install or run. The README is sparse and mainly provides links to the published editions and the leadership team's contact information. Anyone interested in web application security, whether a developer, a PM, or a founder, would find the published documents more useful than browsing this repository directly.
The OWASP Top 10 is the official list of the ten most critical web application security risks, published by the nonprofit OWASP and used worldwide as a baseline reference by developers, auditors, and organizations evaluating their software security.
Mainly HTML. The stack also includes HTML.
Documentation repository, no software license details are provided in the explanation.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.