The Open Web Application Security Project (OWASP) has made changes to the OWASP Top 10 for 2021. OWASP is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.

Since 2003, the OWASP Top 10 has become a world-renowned reference document that details the most critical security risks to web applications. These help organizations and developers to develop secure applications. The Top 10 is a baseline for compliance, education, and vendor tools.

Changes to the OWASP Top 10 for 2021

The Top 10 includes three new categories. Of these, four have seen changes to their names or scope. Furthermore, others have been consolidated to focus on the root cause over the symptom.

Source: OWASP

Top 10:2021 List

A01:2021-Broken Access Control

A02:2021-Cryptographic Failures

A03:2021-Injection

A04:2021-Insecure Design

A05:2021-Security Misconfiguration

A06:2021-Vulnerable and Outdated Components

A07:2021-Identification and Authentication Failures

A08:2021-Software and Data Integrity Failures

A09:2021-Security Logging and Monitoring Failures

A10:2021-Server-Side Request Forgery

Our Web Application Security Essentials training has been updated to align with the recent changes to the OWASP Top 10. In doing so,  the course provides the most up to date knowledge and resources required. This helps participants to identify critical vulnerabilities in web applications. In addition, attendess learn how exploitation works and how to implement the necessary corrective measures.