The OWASP Top 10 is a list of the 10 most critical web application security risks. It is a regularly updated report put together by a team of security experts from all over the world. The OWASP Top 10 is a valuable resource for web developers and security professionals who are looking to improve the security of their applications.
The OWASP Top 10 for 2021 is as follows:
A01 - Broken Access Control: This vulnerability occurs when an attacker is able to gain unauthorized access to a system or resource. This can happen through flaws in the authentication mechanism, by bypassing access controls, or by exploiting flaws in the application's logic.
A02 - Cryptographic Failures: This vulnerability occurs when an application uses cryptography incorrectly. This can lead to sensitive data being compromised, or to attackers being able to impersonate legitimate users.
A03 - Injection: This vulnerability occurs when an attacker is able to supply input that the application interprets as code, commands, or queries. This can be done by exploiting flaws in the application's input validation, or by exploiting vulnerabilities in the application's logic.
A04 - Insecure Design: This vulnerability occurs when an application is not designed with security in mind. This can lead to a variety of security problems, such as sensitive data being stored in cleartext, or attackers being able to exploit vulnerabilities in the application's logic.
A05 - Security Misconfiguration: This vulnerability occurs when an application is not configured securely. This can lead to a variety of security problems, such as sensitive data being exposed to unauthorized users, or attackers being able to exploit vulnerabilities in the application's configuration.
A06 - Vulnerable and Outdated Components: This vulnerability occurs when an application uses vulnerable or outdated components. This can lead to a variety of security problems, such as attackers being able to exploit vulnerabilities in the components, or sensitive data being compromised.
A07 - Identification and Authentication Failures: This vulnerability occurs when an application does not properly authenticate users. This can lead to attackers being able to impersonate legitimate users, or to sensitive data being compromised.
A08 - Software and Data Integrity Failures: This vulnerability occurs when an application does not properly protect its data from corruption or modification. This can lead to sensitive data being compromised, or to attackers being able to modify the application's logic.
A09 - Security Logging and Monitoring Failures: This vulnerability occurs when an application does not properly log and monitor security events. This can make it difficult to detect and respond to security incidents.
A10 - Server-Side Request Forgery (SSRF): This vulnerability occurs when an attacker is able to cause an application to make a request to a server of the attacker's choosing. This can be used to steal sensitive data, or to launch attacks against other servers.
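To make the A03 Injection entry concrete, here is an added example (not code from the original page) that puts a query built by string concatenation beside its parameterized form and runs both against a constructed in-memory SQLite table; the table contents and the test value are assumptions made for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two users (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice-secret"), ("bob", "bob-secret")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Injection flaw: user input is spliced into the SQL text, so quote
    characters in the input change the structure of the query itself."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Mitigation: a parameterized query binds the input as a value, so it is
    never parsed as SQL syntax, whatever characters it contains."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def demo() -> tuple:
    """Run both lookups with a constructed value that contains a quote and a
    tautology. The vulnerable query returns every user; the safe one returns
    nothing, because no user is literally named that."""
    conn = make_db()
    untrusted_value = "x' OR '1'='1"
    return lookup_vulnerable(conn, untrusted_value), lookup_safe(conn, untrusted_value)


if __name__ == "__main__":
    vulnerable, safe = demo()
    print("concatenated query returned:", vulnerable)
    print("parameterized query returned:", safe)
```

The same value behaves as data in the parameterized version and as SQL in the concatenated one, which is the distinction the A03 entry above describes.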
The OWASP Top 10 is a valuable resource for web developers and security professionals who are looking to improve the security of their applications. By following the recommendations in the OWASP Top 10, you can help to protect your applications from a variety of security threats.
OWASP Top 10 2017
Cross-Site Scripting (XSS)
Security Misconfiguration
Sensitive Data Exposure
XML External Entities (XXE)
Broken Function Level Authorization
Using Components with Known Vulnerabilities
Insufficient Logging and Monitoring