According to a recent report by OWASP, web application security threats are a significant concern for global enterprises. A Kaspersky research team found that OWASP's rankings differ from their own analysis, emphasizing the need for flexible evaluation based on potential impact and exploitability. The top 10 most common web application security threats include access control issues (70%), sensitive data leaks, SSRF abuse, SQL injection, Cross-Site Scripting (XSS), misconfigured security settings, brute-force attacks, weak passwords, and unpatched known vulnerabilities.

Source: https://dev.to/carrie_luo1/top-10-web-application-security-threats-21b2