OWASP Top 10


The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software, and its projects are a primary source of guidance for developers and technologists who want to secure the web. One of the most important projects run by OWASP is the Top 10, a document that describes the ten most critical security risks to web applications. The list is updated every few years; the most recent edition was published in 2021.

The OWASP Top 10 represents a broad consensus about the most critical security risks to web applications. If you are a developer, adopt this document and start the process of ensuring that your web applications minimize these risks; beginning with the OWASP Top 10 is often the most effective first step towards writing more secure code. A brief description of the ten application security risks published by OWASP in 2021 follows:

  1. A01:2021-Broken Access Control: Users acting outside their intended permissions, leading to unauthorized disclosure, modification or destruction of data, or to business functions being performed outside the user’s limits.
  2. A02:2021-Cryptographic Failures: Sensitive data exposed in transit or at rest because cryptography is missing, weak or misused (previously called Sensitive Data Exposure).
  3. A03:2021-Injection: Untrusted user-supplied data sent to an interpreter as part of a command or query (SQL, NoSQL, OS command, LDAP), allowing unintended commands to run or data to be read without authorization; Cross-Site Scripting (XSS) is now part of this category.
  4. A04:2021-Insecure Design: Risks rooted in architectural and design flaws that a correct implementation alone cannot fix; new in 2021.
  5. A05:2021-Security Misconfiguration: Servers and applications compromised through insecure default, incomplete or ad hoc configurations; XML External Entities (XXE) is now part of this category.
  6. A06:2021-Vulnerable and Outdated Components: Use of libraries, frameworks and platform components that are unsupported or have known vulnerabilities.
  7. A07:2021-Identification and Authentication Failures: Weaknesses in confirming the user’s identity, in authentication and in session management that allow accounts to be compromised.
  8. A08:2021-Software and Data Integrity Failures: Code and infrastructure that do not protect against integrity violations, such as updates, plugins or serialized data accepted from untrusted sources without verification; Insecure Deserialization is now part of this category.
  9. A09:2021-Security Logging and Monitoring Failures: Breaches that go undetected because of insufficient logging, monitoring and alerting.
  10. A10:2021-Server-Side Request Forgery (SSRF): The application fetches a remote resource without validating the user-supplied URL, letting an attacker make the server send requests to unintended destinations.
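Of the ten categories, A03:2021-Injection is the one most easily shown in a few lines of code. The following is an added example, not code from the original page or from OWASP: a user lookup written the vulnerable way (string-building the SQL) next to the hardened version (bound parameters), run against an in-memory SQLite table with constructed sample rows. The table, the `ATTACK` string and the function names are assumptions for illustration.

```python
"""
Added example (not part of the original page): A03:2021-Injection,
shown as a vulnerable SQL lookup beside its parameterised fix.
Uses an in-memory SQLite database with constructed sample rows so it
runs offline.
"""
import sqlite3


def make_db():
    """Constructed sample data: three users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """Deliberately vulnerable: the user-supplied name is concatenated
    into the SQL text, so a quote inside it changes the query structure."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn, name):
    """Hardened: a bound parameter is always treated as data, never as
    SQL, so the same payload simply matches no row."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Classic tautology payload (an assumption for the demo). In the vulnerable
# function it turns the WHERE clause into  name = 'x' OR '1'='1'  and
# returns every row, including the admin.
ATTACK = "x' OR '1'='1"


def demo():
    """Run both lookups with a normal name and with the payload and return
    the four result sets so they can be compared."""
    conn = make_db()
    return {
        "vulnerable_normal": find_user_vulnerable(conn, "bob"),
        "vulnerable_attack": find_user_vulnerable(conn, ATTACK),
        "safe_normal": find_user_safe(conn, "bob"),
        "safe_attack": find_user_safe(conn, ATTACK),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label + ": " + repr(rows))
```

The vulnerable lookup returns all three rows for the payload while the parameterised one returns none; the fix is not escaping the input but keeping data and query text separate, which is the same principle behind prepared statements in every database driver.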

The following figure displays the category mapping between the OWASP Top 10 2017 and 2021 releases:

[Figure: OWASP Top 10 category mapping, 2017 to 2021]
