OWASP 2021 Update

Excerpt

Read what others make wrong in implementing Web Application and Web Service Security.

The Open Web Application Security Project® (OWASP) is a organization that works to improve the security of software.

They provide many resources that can help you implementing a web application the right way and reduce the security risks. Many of them as caused by bad implementations done by engineers.

In 2021 they published a new Top 10 Web Application Security Risks at https://owasp.org/www-project-top-ten/ with some shifts and scope changes resulting in some ups and downs in the list. Here is the brief list of 2021 that shows that it matters what and how engineers do implement:

Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery

Also to mention the API Security Top 10 from 2019 https://owasp.org/www-project-api-security/.

This material is a MUST for Web Application and Web Service engineers to be read (and understood).

If you like Cheat Sheets

As the source of this information is available in GitHub you may find all Cheat Sheets there at https://github.com/OWASP/CheatSheetSeries/tree/master/cheatsheets.

Happy reading.

OWASP 2021 Update

If you like Cheat Sheets

Tags