A1-Injection A2-Cross Site Scripting (XSS) A3-Broken Authentication and Session Management A4-Insecure Direct Object References A5-Cross Site Request Forgery (CSRF) A6-Security Misconfiguration A7-Insecure Cryptographic Storage A8-Failure to Restrict URL Access A9-Insufficient Transport Layer Protection A10-Unvalidated Redirects and Forwards