owasp-top-10


OWASP® Top 10 — Skill Entry


This SKILL.md is the entrypoint for the OWASP Top 10 skill.
The skill encodes the OWASP Top 10 for Web Applications (2025) as structured, machine-readable references that an agent can query to identify, assess, and remediate web application security risks.

Normative references (Web Top 10)


  1. 00 Vulnerability Index
  2. 01 Broken Access Control
  3. 02 Security Misconfiguration
  4. 03 Software Supply Chain Failures
  5. 04 Cryptographic Failures
  6. 05 Injection
  7. 06 Insecure Design
  8. 07 Authentication Failures
  9. 08 Software or Data Integrity Failures
  10. 09 Security Logging and Alerting Failures
  11. 10 Mishandling of Exceptional Conditions

Skill layout


  • SKILL.md — this file (skill entrypoint).
  • references/ — the Web Top 10 normative documents.
    • 00-vulnerability-index.md — index of all vulnerability identifiers, categories, and cross-references.
    • 01 through 10 — one document per vulnerability aligned with OWASP Web Application Security numbering.

Third-Party Attribution


Copyright © OWASP Foundation. OWASP® Top 10 (2025) content is derived from works by the OWASP Foundation, licensed under CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0/). Source: https://owasp.org/Top10/2025/ Modifications: Vulnerability descriptions restructured into agent-consumable reference documents with added detection and remediation guidance. OWASP® is a registered trademark of the OWASP Foundation. Use does not imply endorsement.

🤖 Crafted with precision by ✨Copilot following brilliant human instruction, then carefully refined by our team of discerning human reviewers.