Every three years, the Open Web Application Security Project (OWASP) publishes The OWASP Top Ten, highlighting the ten most critical vulnerabilities in contemporary web applications. This upcoming series of blog posts will talk a bit about each vulnerability in 2020’s list, how it arises, and how to mitigate it. The list was determined by a broad survey of the industry, and the entries are ranked with consideration to exploitability, prevalence, and ease of detection.
Of course, this isn’t a comprehensive list of possible attacks. I think of the list as a framework for prioritizing security resources, forestalling the most predictable types of attacks, and helping developers and teams find important but “easy” security wins. In 2020, they are:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XXE (XML External Entities)
- Broken Access Control
- Security Misconfiguration
- XSS (Cross-site Scripting)
- Insecure Deserialization
- Known Vulnerabilities (CVEs)
- Insufficient Logging
I will devote one post to each of these. Stay tuned…