A1 – Injection
A2 – Cross Site Scripting (XSS)
A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object References
A5 – Cross Site Request Forgery (CSRF)
A6 – Security Misconfiguration (newly added)
A7 – Failure to Restrict URL Access
A8 – Unvalidated Redirects and Forwards (newly added)
A9 – Insecure Cryptographic Storage
A10 – Insufficient Transport Layer Protection