OWASP top 10 2021 List vs 2017 | What’s New & What’s Changed

Welcome to the all new OWASP Top 10 2021

On Wednesday, September 8th, 2021, OWASP posted on its website a draft of the Top 10 Web Application Security Risks document for peer review ahead of the final release.

All interested parties are encouraged to read through the draft to familiarize themselves with the categories OWASP now uses to classify web application security risks, and with how those categories map onto the 2017 list.

Teams shipping public-facing applications should know the list well, since customers, auditors and penetration testers commonly use it as a baseline when assessing an application's security and privacy posture.

OWASP top 10 2021 release date

The OWASP Top 10 2021 target release date was September 24, 2021.

OWASP top 10 vulnerabilities 2021 explained

The 2021 edition was built differently from earlier lists, which ranked the challenges of their day largely on expert opinion. For 2021, eight of the ten categories were derived from vulnerability data contributed by application security testing vendors and mapped to CWEs, and two were chosen by a community survey of practitioners; categories were also grouped by root cause rather than by symptom where possible. Each category still describes the weakness, the CWEs it covers, example attack scenarios and how to prevent it, so developers can map their existing controls to the new categories. These changes affect how web application security is discussed and audited, and reading the draft now is the easiest way to prepare before the final release.

What are OWASP Top 10 attacks?

Strictly speaking, the OWASP Top 10 does not list attacks. It is the OWASP Top Ten Web Application Security Risks, an awareness document that groups the most common and most impactful web application weaknesses into ten risk categories. Each category lists the CWEs it covers, example attack scenarios and prevention guidance, so the "attacks" people refer to are the exploitation scenarios documented under each risk.

What’s changed in the OWASP Top 10 for 2021?

The OWASP Top 10 2021 list adds three new categories, renames four categories (some with a wider scope than before), and consolidates several 2017 categories into others.

What are the new entries of categories in the OWASP Top 10 for 2021?

There are three new categories in the OWASP Top 10 list of 2021: A04:2021-Insecure Design, A08:2021-Software and Data Integrity Failures, and A10:2021-Server-Side Request Forgery.

Which categories have been renamed in the OWASP Top 10 of 2021?

Four categories were renamed, and in some cases rescoped: Sensitive Data Exposure became Cryptographic Failures, Using Components with Known Vulnerabilities became Vulnerable and Outdated Components, Broken Authentication became Identification and Authentication Failures, and Insufficient Logging & Monitoring became Security Logging and Monitoring Failures.

Which categories have been consolidated in the OWASP Top 10 2021?

  • XML External Entities (XXE), A4:2017, is now part of A05:2021-Security Misconfiguration, since the root cause is an XML parser left with external entity resolution enabled.
  • Cross-Site Scripting (XSS), A7:2017, is now part of A03:2021-Injection, since XSS is injection of script into HTML output.
  • Insecure Deserialization, A8:2017, is now part of A08:2021-Software and Data Integrity Failures, since the root cause is accepting serialized objects or other data without verifying their integrity.
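The last bullet is easier to see in code. The following is an added example, not code from the OWASP page or project: a loader that deserializes whatever the client sent beside one that first verifies an HMAC over the bytes. The payload, the shared key and the side-effect function are all constructed for the demonstration; the side effect stands in for the system command an attacker would actually trigger.

```python
import hashlib
import hmac
import pickle

# Assumption for the example: a constructed shared secret. In a real service it
# comes from a secrets manager, never from source code.
SECRET_KEY = b"demo-key-for-illustration-only"

# Records that attacker-chosen code ran, so the effect is observable.
EXECUTED = []


def side_effect(marker):
    # Stand-in for os.system() or similar: pickle will call this on load.
    EXECUTED.append(marker)
    return marker


class MaliciousPayload:
    """Object whose pickled form instructs the loader to call side_effect()."""

    def __reduce__(self):
        return (side_effect, ("attacker-controlled code ran",))


def serialize(obj):
    return pickle.dumps(obj)


def sign(blob):
    # Keyed hash over the serialized bytes; only holders of SECRET_KEY can produce it.
    return hmac.new(SECRET_KEY, blob, hashlib.sha256).hexdigest()


def load_unverified(blob):
    """Vulnerable (A8:2017 Insecure Deserialization): trusts the client's bytes."""
    return pickle.loads(blob)


def load_verified(blob, tag):
    """Hardened (A08:2021 framing): refuse to deserialize unless integrity is proven."""
    if not hmac.compare_digest(sign(blob), tag):
        raise ValueError("integrity check failed; payload not deserialized")
    return pickle.loads(blob)


def demo():
    legit = {"user": "alice", "cart": [101, 202]}
    blob = serialize(legit)
    assert load_verified(blob, sign(blob)) == legit

    evil = serialize(MaliciousPayload())
    load_unverified(evil)  # side_effect() runs during loads()
    try:
        # Attacker cannot compute a valid tag without SECRET_KEY.
        load_verified(evil, sign(b"some other bytes"))
    except ValueError:
        return "forged payload rejected"


if __name__ == "__main__":
    print(demo())
```

The integrity check must run over the raw bytes before any parsing, and the comparison must be constant-time (`hmac.compare_digest`). For data that actually crosses a trust boundary the stronger fix is to avoid pickle entirely and accept a plain data format such as JSON validated against a schema; the signature approach shown here is what protects server-generated blobs (sessions, queued jobs) that round-trip through the client.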

A01:2021 – Broken Access Control moves up from fifth place and displaces Injection

In the OWASP Top 10 of 2021, Broken Access Control has taken the first spot, moving up from A5:2017. The category itself was created in 2017 by merging two entries from the 2013 list, Insecure Direct Object References and Missing Function Level Access Control, and in the 2021 data it had more occurrences in tested applications than any other category.

In other words, Broken Access Control has replaced Injection at the top of the list. Injection, which held first place in the 2010, 2013 and 2017 editions, drops to A03:2021.
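The two 2013 weaknesses that were folded into this category are still the most common way it shows up in practice. As an added example, not code from the OWASP page or project, here is each one as a vulnerable handler beside a hardened one, over a constructed in-memory order store and user table (the data, names and roles are assumptions for the demonstration).

```python
from dataclasses import dataclass
from functools import wraps


class AccessDenied(Exception):
    """Raised by the hardened handlers; map to 403 or 404 at the HTTP layer."""


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin"


# Constructed data: order id -> (owner user id, description).
ORDERS = {
    101: (1, "alice: 2x widgets"),
    202: (2, "bob: 1x gadget"),
}


def make_users():
    # Fresh table each call so the admin-only delete can be exercised repeatedly.
    return {1: User(1, "user"), 2: User(2, "user"), 9: User(9, "admin")}


# ---- Insecure direct object reference (A4:2013, now under A01:2021) ----

def get_order_vulnerable(caller: User, order_id: int):
    # Trusts the id from the request; any logged-in user can read any order.
    return ORDERS[order_id][1]


def get_order_hardened(caller: User, order_id: int):
    record = ORDERS.get(order_id)
    # Same error whether the order is missing or belongs to someone else, so
    # the caller cannot enumerate which ids exist.
    if record is None or (record[0] != caller.id and caller.role != "admin"):
        raise AccessDenied(f"user {caller.id} may not read order {order_id}")
    return record[1]


# ---- Missing function level access control (A7:2013, now under A01:2021) ----

def delete_user_vulnerable(caller: User, target_id: int, users: dict):
    # The UI only shows the delete button to admins, but the handler never checks.
    return users.pop(target_id)


def require_role(role):
    """Enforce the role server-side on every call, independent of what the UI shows."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(caller: User, *args, **kwargs):
            if caller.role != role:
                raise AccessDenied(f"{fn.__name__} requires role {role!r}")
            return fn(caller, *args, **kwargs)
        return wrapper
    return decorator


@require_role("admin")
def delete_user_hardened(caller: User, target_id: int, users: dict):
    return users.pop(target_id)


if __name__ == "__main__":
    bob = User(2, "user")
    print(get_order_vulnerable(bob, 101))  # bob reads alice's order
    try:
        get_order_hardened(bob, 101)
    except AccessDenied as exc:
        print(exc)
```

The general rule the two hardened handlers share is deny by default: the ownership or role check lives next to the data access, runs on every request, and is not inferred from which links the client was shown. Testing for this category means sending a valid session for one user with identifiers belonging to another, and calling privileged endpoints directly rather than through the UI.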

OWASP Top 10 List of 2021

A01:2021-Broken Access Control

Formerly A5:2017-Broken Access Control

A02:2021-Cryptographic Failures

Formerly known as A3:2017-Sensitive Data Exposure

A03:2021-Injection

Formerly A1:2017-Injection; now also includes A7:2017-Cross-Site Scripting (XSS)

A04:2021-Insecure Design

New category in 2021

A05:2021-Security Misconfiguration

Formerly A6:2017-Security Misconfiguration; now also includes A4:2017-XML External Entities (XXE)

A06:2021-Vulnerable and Outdated Components

Formerly known as A9:2017-Using Components with Known Vulnerabilities

A07:2021-Identification and Authentication Failures

Formerly known as A2:2017-Broken Authentication

A08:2021-Software and Data Integrity Failures

New category in 2021; includes A8:2017-Insecure Deserialization

A09:2021-Security Logging and Monitoring Failures

Formerly known as A10:2017-Insufficient Logging & Monitoring

A10:2021-Server-Side Request Forgery

New category in 2021, added from the Top 10 community survey
