Conclusion OWASP Top Ten 2004 Project


OWASP has assembled this list to raise awareness about web application security. The experts at OWASP have concluded that these vulnerabilities represent a serious risk to agencies and companies that have exposed their business logic to the Internet. Web application security problems are as serious as network security problems, although they have traditionally received considerably less attention. Attackers have begun to focus on web application security problems, and are actively developing tools and techniques for detecting and exploiting them.

This Top Ten list is only a starting point. We believe that these flaws represent the most serious risks to web application security, but many other security-critical areas were considered for the list and also represent significant risk to organizations deploying web applications. These include flaws in the areas of:

  • Unnecessary and Malicious Code
  • Broken Thread Safety and Concurrent Programming
  • Unauthorized Information Gathering
  • Accountability Problems and Weak Logging
  • Data Corruption
  • Broken Caching, Pooling, and Reuse

We welcome your feedback on this Top Ten list. Please participate in the OWASP mailing lists and help to improve web application security. Visit to get started.