The Open Web Application Security Project (OWASP) has updated its list of the top 10 most critical Web application security risks. “Change has accelerated over the last four years, and the OWASP Top 10 needed to change,” OWASP wrote. “We’ve completely refactored the OWASP Top 10, revamped the methodology, utilized a new data call process, worked with the community, re-ordered our risks, rewritten each risk from the ground up, and added references to frameworks and languages that are now commonly used.”
The top 10 are as follows:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring