The OWASP Top 10 Web Application Security Risks are:
1: Injection
2: Cross-Site Scripting (XSS)
3: Broken Authentication and Session Management
4: Insecure Direct Object References
5: Cross-Site Request Forgery (CSRF)
6: Security Misconfiguration
7: Insecure Cryptographic Storage
8: Failure to Restrict URL Access
9: Insufficient Transport Layer Protection
10: Unvalidated Redirects and Forwards
