Draft of OWASP Top 10 2021 released for Peer Review
The draft of the OWASP Top 10 2021 has been released for peer review. For those who don't know, the OWASP Top 10 is the list of the top 10 security risks found in web applications. The Open Web Application Security Project (OWASP) is a community of security enthusiasts who have been involved in the development of articles, tools, methodologies, etc.
Three new risks are identified in the draft of OWASP Top 10 2021.
- A04:2021-Insecure Design
- A08:2021-Software and Data Integrity Failures
- A10:2021-Server-Side Request Forgery
Let's compare OWASP Top 10 2017 and the draft of OWASP Top 10 2021:
|OWASP Top 10 2017|OWASP Top 10 2021|
|---|---|
|A1:2017-Injection|A01:2021-Broken Access Control|
|A2:2017-Broken Authentication|A02:2021-Cryptographic Failures|
|A3:2017-Sensitive Data Exposure|A03:2021-Injection|
|A4:2017-XML External Entities (XXE)|A04:2021-Insecure Design (New)|
|A5:2017-Broken Access Control|A05:2021-Security Misconfiguration|
|A6:2017-Security Misconfiguration|A06:2021-Vulnerable and Outdated Components|
|A7:2017-Cross-Site Scripting (XSS)|A07:2021-Identification and Authentication Failures|
|A8:2017-Insecure Deserialization|A08:2021-Software and Data Integrity Failures (New)|
|A9:2017-Using Components with Known Vulnerabilities|A09:2021-Security Logging and Monitoring Failures|
|A10:2017-Insufficient Logging & Monitoring|A10:2021-Server-Side Request Forgery (New)|
For complete details, refer to the URL given in the reference.