Model: OWASP top 10
September 10th, 2022
OWASP top 10
Open Web Application Security Project
OWASP top 10 - 2013 (Book: release it!)
(src: Book: release it! - Michael Nygard)
Added in 2017:
[x] (4) XML External Entities (XXE)
covered under (2013.1) OWASP Injection in Book: release it!
[ ] (8) Insecure Deserialization
maybe partially mentioned under (2013.10) OWASP Underprotected APIs in Book: release it!
[ ] (10) Insufficient Logging & Monitoring
maybe partially mentioned under (2013.5) OWASP Security Misconfiguration in Book: release it!
maybe partially mentioned under (2013.7) OWASP Insufficient Attack Protection in Book: release it!
Added in 2021:
[ ] (4) Insecure Design
[ ] (8) Software And Data Integrity Failures
[ ] (10) Server-Side Request Forgery (SSRF)
OWASP Top 10 - Versions
2010
2013 -> Book: release it! (second edition)
2017
2021
(src: PDF - owasp top 10 (2013))
(src: PDF - owasp top 10 (2017))