Welcome to the all new OWASP Top 10 2021
On Tuesday, September 8th, 2021, OWASP published the draft of its Top 10 Web Application Security Threats document on its website for peer review.
All interested parties are encouraged to read through the document to familiarize themselves with the new guidelines set out by OWASP for classifying web application security threats.
Companies that build applications for public use need to know how their end users, who must work around these issues, perceive the security and privacy of their products if they hope to gain or keep customers.
OWASP top 10 2021 release date
The target release date for the OWASP Top 10 2021 is Sept 24, 2021.
OWASP top 10 vulnerabilities 2021 explained
The 2021 edition is a significant change from OWASP's previous security reports, which evaluated the challenges that were current at the time. The new version also includes protection measures that developers and end users can take to avoid some of these mistakes or to respond appropriately to those that do occur. These changes affect the way we look at web application security today, so it is worth reading the draft report now to stay on top of the latest trends.
What are OWASP Top 10 attacks?
OWASP Top Ten Web Application Security Risks
What’s changed in the OWASP Top 10 for 2021?
The OWASP Top 10 list for 2021 adds three new categories, renames four categories, and consolidates some others.
What are the new entries of categories in the OWASP Top 10 for 2021?
There are 3 new categories added to the OWASP top 10 list of 2021.
- A04:2021-Insecure Design
- A08:2021-Software and Data Integrity Failures
- A10:2021-Server-Side Request Forgery
Which categories have been renamed in the OWASP Top 10 of 2021?
Which new categories have been consolidated in the OWASP Top 10 2021?
- XML external entities (XXE) are now part of Security Misconfiguration.
- Cross-Site Scripting (XSS) is now part of Injection
- Insecure deserialization has been added to Security Logging and Monitoring Failures
A01 – Broken Access Control replaces A3 – Injection
In the OWASP Top 10 of 2021, Broken Access Control has taken the first spot (partly through the merging of other categories from 2013, namely Insecure direct object references and missing function level access control).
In other words, in the OWASP Top 10 list of 2021, Broken Access Control has replaced A3 – Injection.
OWASP Top 10 List of 2021
- A01:2021-Broken Access Control
- A02:2021-Cryptographic Failures
- A03:2021-Injection
- A04:2021-Insecure Design
- A05:2021-Security Misconfiguration
- A06:2021-Vulnerable and Outdated Components
- A07:2021-Identification and Authentication Failures
- A08:2021-Software and Data Integrity Failures
- A09:2021-Security Logging and Monitoring Failures
- A10:2021-Server-Side Request Forgery
A09:2021-Security Logging and Monitoring Failures
Formerly known as A10:2017-Insufficient Logging & Monitoring