Fill in the OWASP Top 10 (2021) categories.
OWASP Top 10 (2021): A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection, A04 Insecure Design, A05 Security Misconfiguration, A06 Vulnerable and Outdated Components, A07 Identification and Authentication Failures, A08 Software and Data Integrity Failures, A09 Security Logging and Monitoring Failures, A10 Server-Side Request Forgery.
The 2021 list shifted from symptom-based to root-cause-based categories. Broken Access Control rose to #1 (previously #5) because it is consistently the most frequently found real-world flaw. New entries include Insecure Design (missing threat modeling / secure design patterns), Software and Data Integrity Failures (supply-chain and deserialization risks), and Server-Side Request Forgery as a standalone category. Injection, the former #1, dropped to #3 as parameterized queries became mainstream.