Sep 14, 2021

The 2021 OWASP Top 10 Have Evolved

The OWASP Top 10 is an awareness document that highlights the 10 most critical web application security risks. The risks are ranked by frequency, severity, and magnitude of impact.

OWASP has maintained this list since 2003, and every few years, they update the list based on advancements in both application development and application security. 

The last OWASP Top 10 came out in 2017, and in the intervening 4 years, we've seen a fundamental shift in application security that includes greater emphasis on securing web applications during the ever-evolving development process.

So, what's changed?

OWASP released their new OWASP Top 10 for 2021. Check out the changes below:


OWASP Top 10: 2017 Vs 2021

 

Examples of the new changes include:

  • The introduction of insecure design
  • A broadened focus for injection
  • "Vulnerable and outdated components" replaces "using components with known vulnerabilities"

 

Links:

  • https://www.rapid7.com/blog/post/2021/09/30/the-2021-owasp-top-10-have-evolved-heres-what-you-should-know/