Comprehensive OWASP Top 10 reference covering AI, web, cloud, and DevOps security.
A practical resource for development teams.
The 10 most critical security risks for LLM applications with Python code examples
The 10 most critical security risks for AI agent systems with Python code examples
The 10 most critical machine learning security risks with Python code examples
The 10 most critical vulnerabilities with mitigation code examples
The 10 most critical web application security risks with code examples
The 10 most critical cloud-native application security risks with Kubernetes/Terraform examples
The 10 most critical CI/CD pipeline security risks with GitHub Actions/Jenkins examples
The 10 most critical Kubernetes security risks with YAML/Terraform/Helm examples
OAuth 2.0 / JWT / API Key Management
Rate Limiting / Validation / CORS
Burp Suite / ZAP / Postman and more
Checklists / Review Criteria
Vulnerability News / CVE / Trends
Latest from Salt Security / Wallarm / Cequence / Imperva
Fundamental Security Principles
Grant only the minimum permissions needed for API access. Implement Role-Based Access Control (RBAC).
Combine authentication, authorization, input validation, rate limiting, and log monitoring to eliminate single points of failure.
Verify every request. Do not trust access even from internal networks.
Log all API access and ensure anomaly detection and audit trails.
The highest-priority risk from each of the 8 OWASP Top 10 categories covered on this site.
LLM Top 10: Crafted inputs manipulate LLM behavior, bypassing instructions or extracting sensitive data via direct or indirect injection.
Agentic Top 10: Attackers manipulate an agent's objectives through crafted inputs, causing it to pursue unintended targets across multiple steps.
ML Top 10: Adversarial inputs cause ML models to make incorrect predictions, bypassing detection systems and content filters.
API Top 10: Unauthorized access to other users' data by manipulating object IDs. The most frequently occurring API vulnerability.
Web App Top 10: Users act outside intended permissions, leading to unauthorized disclosure, modification, or destruction of data.
Cloud Top 10: Misconfigured cloud services, containers, and orchestrators are the leading cause of cloud-native breaches.
CI/CD Top 10: Attackers push malicious code through pipelines without proper review or approval gates, bypassing branch protections.
K8s Top 10: Containers running as root with excessive privileges and writable filesystems create significant attack surfaces.
Navigate to each section using the top navigation menu. For newcomers, we recommend reading in this order: OWASP Top 10 → Authentication & Authorization → Rate Limiting.
The information on this site is provided for security awareness and defensive purposes. Use for attack purposes is prohibited. The content is based on information as of 2025.