OWASP Reshuffles Its Top 10 List, Adds New Categories
The Open Web Application Security Project has reshuffled its list of top threats and released its draft for 2021, putting broken access controls and cryptographic failures at the top and creating three new risk categories. The list, which is updated every three or four years using data analysis, surveys, and public comment, contained a number of surprises. Cross-Site Scripting (XSS), which accounts for about one in every five disclosed vulnerabilities, disappeared from the list, subsumed by the expanded category of Injection flaws. Three new categories were also added, including Insecure Design, which debuts in the No. 4 spot on the list.
K2’s CTO and Co-Founder Jayant Shukla was tapped for commentary on the release of the draft of the Top Web Application Risks.