Stacie Farmer

Endlessly learning

OWASP Top 10
2021 Top Ten Web Application Security Risks

  1. Broken Access Control
    • moved up to #1 from #5 in 2017
  2. Cryptographic Failures
    • previously known as Sensitive Data Exposure
  3. Injection
    • moved down from #1 in 2017
    • also encompasses XSS now
  4. Insecure Design
    • new category for 2021
  5. Security Misconfiguration
    • combined with XXE for 2021
  6. Vulnerable and Outdated Components
    • previously known as Using Components with Known Vulnerabilities
  7. Identification and Authentication Failures
    • previously known as Broken Authentication
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
    • previously known as Insufficient Logging & Monitoring
  10. Server-Side Request Forgery (SSRF)
    • newly added to the top ten in 2021

2017 Top Ten Web Application Security Risks

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfiguration
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging & Monitoring