⌘Ctrlk

WINDOWS & AD ABOUT ME

HackTheBox & Write-Ups
WEB & API
LINUX, WINDOWS & AD

FILE UPLOAD ATTACKS
OWASP TOP 10: 2025

Powered by GitBook

On this page

OWASP TOP 10: 2025

The OWASP Top 10 is not just a simple checklist of vulnerabilities, but a collection of attack vectors through which a web application might be compromised

A01:2025 – Broken Access Control

Access control
LFI
SSRF
File upload

A02:2025 – Security Misconfiguration

XXE
CORS
HTTP Host Header attacks
Informational disclosure

A03:2025 – Software Supply Chain Failures

Insecure Deserialization
Prototype Pollution

A04:2025 – Cryptographic Failures

Information Disclosure
Authentication
JWT attacks

A05:2025 – Injection

SQL injection
XSS
Comand Injection
NoSQL injection
SSTI

A06:2025 – Insecure Design

Business Logic Vuln
Race Conditions
Web LLM

A07:2025 – Authentication Failures

Authentication
OAuth
JWT attacks

A08:2025 – Software or Data Integrity Failures

Insecure Deserialization
Web Cache Poisoning

A09:2025 – Security Logging and Alerting Failures This is largely a process/defensive failure rather than a specific "exploit" you can practice in a lab. However, Information disclosure labs often rely on verbose error logging which should have been alerted on or suppressed.
A10:2025 – Mishandling of Exceptional Conditions

Information Disclosure
Business Logic vuln
API testing

PreviousFILE UPLOAD ATTACKS

Last updated 1 hour ago