OWASP Top 10 for SME owners
If you have a website or customer portal, this is the list.
The OWASP Top 10 is the recognised industry list of common web application security risks. The original is written for developers. This is a plain-English version for the business owner paying for the website.
OWASP A01: Broken access control
Can the wrong person on your website see or change the wrong data?

OWASP A02: Cryptographic failures
Is sensitive data scrambled properly when it's stored or sent?

OWASP A03: Injection
Can someone trick your website into running their own commands?

OWASP A04: Insecure design
Was the website designed to handle attack, or just good behaviour?

OWASP A05: Security misconfiguration
Are your servers and tools properly locked down?

OWASP A06: Vulnerable and outdated components
Is your website built on software with known holes?

OWASP A07: Identification and authentication failures
Is your login system actually secure?

OWASP A08: Software and data integrity failures
Can someone tamper with your software or data updates without you noticing?

OWASP A09: Security logging and monitoring failures
Would you know if your website was being attacked?

OWASP A10: Server-Side Request Forgery (SSRF)
Can someone use your website as a proxy to reach private systems?