OWASP Top Ten 2021
Web security vulnerabilities are expensive and massively destructive. They can result in identity theft, illegal content ending up on your server, or even your machine being used to attack other people’s computers. In addition, many of the worst vulnerabilities are not entirely obvious when you are trying to write code to actually accomplish something.
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization focused on improving the security of software. OWASP issues software tools and knowledge-based documentation on application security. They put together a document containing the top 10 security vulnerabilities compiled through consensus of security experts from around the world. The goal is to spread awareness and help minimize these risks. Every few years this document is updated.
The OWASP Top Ten is based around the Common Weakness Enumeration (CWE), a community-developed list of software and hardware weaknesses. It allows for a common language and baseline for identifying vulnerabilities in software and hardware. Each of the Top Ten has multiple CWEs associated with it. Another basis for the Top Ten is the Common Vulnerabilities and Exposures (CVE) list, a list of publicly known security vulnerabilities. The idea behind the CVE is to share information about vulnerabilities and security patches.
The security landscape is constantly changing. As new frameworks and patches come out to deal with existing issues, new issues arise because of them. Taking time to learn about the basics of how attacks work will help you to build more secure applications. This is a high-level overview of the ten biggest threats right now. Each one could be delved into much further, and there are other threats that are not as common but just as serious. Use this as a starting or reentry point for learning more and building more secure applications.