OWASP publishes the Top 10 – 2021 of web application security risks

The Open Web Application Security Project (OWASP) has published the 2021 edition of its Top 10 draft, which presents the 10 most critical security risks, replacing the previous 2017 version.

In the first position is the risk corresponding to broken access control, following by some changes of position; 4 changes of names/scope and 3 new categories: cryptographic failures, injection, insecure design, security misconfiguration, identification and authentication failures, software and data integrity failures, and security logging and monitoring failures. Finally, the last place corresponds to Server Side Request Forgery (SSRF).