The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The 2021 update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software.
Watch the 2021 OWASP Top 10 Lightboard Lesson series on F5 DevCentral for a breakdown of the new OWASP Top 10 and learn:
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners.
It is critical to confirm identity and use strong authentication and session management to protect against business logic abuse. Most authentication attacks trace to continued use of passwords. Compromised credentials, botnets, and sophisticated tools provide an attractive ROI for automated attacks like credential stuffing.
Without properly logging and monitoring app activities, breaches cannot be detected. Not doing so directly impacts visibility, incident alerting, and forensics. The longer an attacker goes undetected, the more likely the system will be compromised.
SSRF flaws occur when a web app fetches a remote resource without validating the user-supplied URL. Attackers can coerce the app to send a request to an unexpected destination—even if it’s secured by a firewall, VPN, or other network access control list (ACL).