Injection-A1 : A1 vulnerabilities are injection attacks, in which the data sent to the application is tainted, for example with an SQL command that can bypass authentication.
Broken Authentication and Session Management-A2 : A-2 vulnerabilities arise when authentication and session management are not correctly implemented in the application. Through this flaw an attacker can manipulate passwords, cookies, tokens, and sessions to exploit users' data.
Cross-Site Scripting-A3 : A-3 vulnerabilities are the most powerful flaw in web applications. With A-3, attackers can use a malicious script to access cookies, session tokens, or other sensitive information.
Insecure Direct Object References- A4 : With A-4 vulnerabilities, attackers manipulate direct object references to gain unauthorized access, unless an access control check is in place. With this vulnerability the developer exposes internal files and the database.
Security Misconfiguration – A5 : A-5 vulnerabilities are configuration weaknesses found in the application. Most A-5 attacks target the application stack, including the platform, web server, application server, database, and framework. Attackers mostly target hard-coded backdoor accounts to access the application.
Sensitive Data Exposure – A6 : A-6 vulnerabilities expose unprotected sensitive data such as credit card numbers and authentication credentials. Through this weakness an attacker can steal credit card details that are not protected by encryption.
Missing Function Level Access Control- A7 : A-7 vulnerabilities concern access-level rights. Applications need to perform the same access control checks on the server each time a function is accessed. If requests are not verified, attackers will be able to forge requests in order to access unauthorized functionality.
Cross-Site Request Forgery (CSRF)- A8 : A-8 vulnerabilities abuse HTTP requests that include the session cookie and authentication information. The attacker forces the user to generate a request, which makes the application vulnerable.
Using Components with Known Vulnerabilities – A9 : A-9 vulnerabilities can lead to server takeover and data loss. The attacker exploits vulnerable libraries, frameworks, and other software modules to take over all of their privileges.
Unvalidated Redirects and Forwards- A10 : A-10 vulnerabilities affect web applications in which a redirection is performed to a location specified in user-supplied data. By redirecting or forwarding a user to a malicious web site, an attacker could attempt a phishing scam or steal user credentials.
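
The check that A10 calls for, as an added example that is not part of the original post: validate a user-supplied redirect target against an allow-list before redirecting. The host names, `ALLOWED_HOSTS`, `DEFAULT_TARGET` and `safe_redirect_target` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts this application may redirect to.
ALLOWED_HOSTS = {"app.example.com", "login.example.com"}
DEFAULT_TARGET = "/"  # assumed fallback when the requested target is rejected


def safe_redirect_target(user_value, allowed_hosts=ALLOWED_HOSTS):
    """Return user_value if it is a safe redirect target, else DEFAULT_TARGET."""
    if not user_value:
        return DEFAULT_TARGET
    # Browsers treat "\" like "/" and silently drop whitespace and control
    # characters, so a value containing any of them is rejected outright.
    if "\\" in user_value or any(ord(c) < 0x21 or ord(c) == 0x7F for c in user_value):
        return DEFAULT_TARGET
    try:
        parts = urlsplit(user_value)
    except ValueError:
        return DEFAULT_TARGET
    # Same-site path: no scheme, no host, and exactly one leading slash
    # ("//host" is a scheme-relative URL that leaves the site).
    if not parts.scheme and not parts.netloc:
        if user_value.startswith("/") and not user_value.startswith("//"):
            return user_value
        return DEFAULT_TARGET
    # Absolute URL: https only, exact host match, no userinfo or port in netloc.
    if (parts.scheme == "https"
            and parts.hostname in allowed_hosts
            and parts.netloc.lower() == parts.hostname):
        return user_value
    return DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values for the redirect parameter.
    samples = [
        "/account/settings?tab=1",
        "https://login.example.com/sso",
        "//other.example/path",
        "https://app.example.com@other.example/",
        "http://app.example.com/",
        "javascript:void(0)",
    ]
    for value in samples:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```
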