Model: OWASP top 10
September 10th, 2022
OWASP top 10
Open Web Application Security Project
OWASP top 10 - 2013 (Book: release it!)
(src: Book: release it! - Michael Nygard)
2017 added
[x] (4) XML External Entities (XXE)
  - covered in (2013.1) OWASP Injection by Book: release it!
[ ] (8) Insecure Deserialization
  - maybe partially mentioned in (2013.10) OWASP Underprotected APIs by Book: release it!
[ ] (10) Insufficient Logging & Monitoring
  - maybe partially mentioned in (2013.5) OWASP Security Misconfiguration by Book: release it!
  - maybe partially mentioned in (2013.7) OWASP Insufficient Attack Protection by Book: release it!
2021 added
[ ] (4) Insecure Design
[ ] (8) Software and Data Integrity Failures
[ ] (10) Server-Side Request Forgery (SSRF)
OWASP Top 10 - Versions
2010
2013 -> Book: release it! (second edition)
2017
2021
![no description for image available](http://images.ctfassets.net/p2rtto0i6kcn/c8277655-fba8-45b8-8149-25e9934ca7df/89660587c3e44646eee52791599fdb75/default-filename.jpg)
(src: PDF - owasp top 10 (2013))
![no description for image available](http://images.ctfassets.net/p2rtto0i6kcn/3d40934b-13a3-4289-bb3d-a37d29b5c214/51a128b6cc8b37243cd756a1b5705e66/default-filename.jpg)
(src: PDF - owasp top 10 (2017))
![no description for image available](http://images.ctfassets.net/p2rtto0i6kcn/0433dba8-9217-400f-beb0-7482a12c3d6e/4f3ece39d0aed7c41f809a0a9cfe0b37/default-filename.jpg)
This post was referenced in:
- Book: release it! - Michael Nygard
- OWASP Broken Authentication and Session Management
- OWASP Cross Site Scripting (XSS)
- OWASP Broken Access Control
- OWASP Security Misconfiguration
- OWASP Sensitive Data Exposure
- OWASP Cross-Site Request Forgery (CSRF)
- OWASP Underprotected APIs
- OWASP Insufficient Attack Protection
- OWASP Using Components with Known Vulnerabilities