OWASP Top 10 – 2021 is the latest version of the OWASP Top 10 list of the most critical web application security risks. It was released in 2021 and includes the following risks:
- Injection: Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query. This can allow attackers to execute arbitrary code or access sensitive data.
- Broken Authentication and Session Management: These risks occur when authentication and session management controls are not properly implemented. This can allow attackers to gain unauthorized access to the application or steal user credentials.
- Broken Access Control: This risk occurs when access control mechanisms are not properly implemented, allowing unauthorized access to sensitive resources.
- Security Misconfiguration: This occurs when an application has insecure default configurations, is not properly protected from known vulnerabilities, or does not follow security best practices.
- Sensitive Data Discovery: This flaw occurs when an application does not properly protect sensitive data, such as credit card numbers or personal information, from unauthorized access or disclosure.
- Insufficient Logging & Monitoring: This risk occurs when an application does not have proper logging and monitoring mechanisms, making it difficult to detect and respond to security incidents.
- Using Components with Known Vulnerabilities: This risk occurs when an application uses components or libraries that have known vulnerabilities. This can expose the application to attacks exploiting those vulnerabilities.
- Unvalidated Redirects & Forwards: This risk occurs when an application does not properly validate user-supplied input when redirecting or forwarding users to other pages or sites.
- Underprotected APIs: This risk occurs when APIs (Application Programming Interfaces) are not properly secured and can be accessed by unauthorized parties.
- Insufficient Cryptography: This risk occurs when an application does not use cryptography properly, leaving sensitive data vulnerable to attack.
It’s important to note that the OWASP Top 10 – 2021 list is not exhaustive, but it’s a good starting point to understand the most common vulnerabilities in web applications and take steps to mitigate them.