OWASP Top 10 lists critical web app vulnerabilities: Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Outdated Components, Authentication Failures, Integrity Failures, Logging Issues, SSRF. Test in bWAPP. - View it on GitHub