What is the OWASP 10 Days of Challenges?


Starting on the 13th July 8pm BST, learn one of the OWASP vulnerabilities every day for 10 days in a row. Each challenge will contain guided material to help you understand the topic and a virtual machine you will use to put your knowledge into practice.

  • Free to participate - There is no cost to join, simply sign up to TryHackMe and join the OWASP room.

  • Daily Prizes - 1 day after each challenge, we will randomly select a winner by picking a user who has completed the previous days challenge.

  • Guided - Each challenge will have prior guided material.

The challenges will appear here: https://tryhackme.com/room/owasptop10

What is OWASP Top 10?


The OWASP Top 10 is a label given to vulnerability types that pose the highest risk to a web application. This label is meant to raise awareness for developers and professionals to help create more secure applications.

Daily Schedule


The breakdown of challenges (all of which align with the OWASP top 10) per days are as follows:

Day 1) Injection
Day 2) Broken Authentication
Day 3) Sensitive Data Exposure
Day 4) XML External Entity
Day 5) Broken Access Control
Day 6) Security Misconfiguration
Day 7) Cross-site Scripting
Day 8) Insecure Deserialization
Day 9) Components with Known Vulnerabilities
Day 10) Insufficent Logging & Monitoring