When it comes to the security of web applications, there are several types of security issues that are both common and responsible for the vast majority of all security issues. These types of issues are known as the OWASP Top 10. This is a list of the 10 most common types of security issues, published by the Open Web Application Security Platform (OWASP). The list is reviewed every few years but has remained quite stable over the last couple of years.

Most of the errors in the OWASP Top 10 can be prevented by implementing automated security tests; either by using static code analysis for security vulnerabilities or with dynamic testing using the OWASP Zed Attack Proxy (OWASP ZAP).