๐Ÿ›ก OWASP Lab
Security Training Platform

OWASP Top 10 Lab

Interactive security training covering the OWASP Web Application Top 10 (2021) and API Security Top 10 (2023). Read the theory, then exploit live vulnerable endpoints to find the flags.

Web Top 10 API Top 10

OWASP Web Top 10

2021

The most critical security risks to web applications.

  1. A01:2021 Broken Access Control
  2. A02:2021 Cryptographic Failures
  3. A03:2021 Injection
  4. A04:2021 Insecure Design
  5. A05:2021 Security Misconfiguration
  6. A06:2021 Vulnerable & Outdated Components
  7. A07:2021 Identification & Authentication Failures
  8. A08:2021 Software & Data Integrity Failures
  9. A09:2021 Security Logging & Monitoring Failures
  10. A10:2021 Server-Side Request Forgery

OWASP API Top 10

2023

The unique security risks of modern APIs.

  1. API1:2023 Broken Object Level Authorization
  2. API2:2023 Broken Authentication
  3. API3:2023 Broken Object Property Level Authorization
  4. API4:2023 Unrestricted Resource Consumption
  5. API5:2023 Broken Function Level Authorization
  6. API6:2023 Unrestricted Access to Sensitive Business Flows
  7. API7:2023 Server Side Request Forgery
  8. API8:2023 Security Misconfiguration
  9. API9:2023 Improper Inventory Management
  10. API10:2023 Unsafe Consumption of APIs
๐Ÿšฉ
Total Flags
22
๐ŸŒ
Web Challenges
10 items, 17 challenges
โšก
API Challenges
10 items, 12 challenges
๐Ÿ“š
Source
owasp.org