The OWASP top 10 is a list of the most common vulnerabilities in web applications. The list is updated periodically to reflect the developments of the past year.
What is OWASP?
OWASP is an organization committed to a safer world. OWASP stands for Open Web Application Security Project. For more information see: https://www.owasp.org/index.php/Main_Page
What does the OWASP top 10 consist of?
The most common vulnerabilities according to OWASP are:
- Injection – Attackers can inject malicious code
- Broken Authentication – The authentication that protects the secure environment contains vulnerabilities
- Sensitive Data Exposure – Sensitive data is available to attackers
- XML External Entities – A type of attack against XML endpoints
- Broken Access Control – Logged-in users have access to functionality that should be restricted
- Security Misconfiguration – The system is configured insecurely
- Insecure Deserialization – Packed (serialized) objects are unpacked insecurely, allowing attackers to take over the system
- Using Components with Known Vulnerabilities – The software uses libraries that contain known vulnerabilities
- Insufficient Logging and Monitoring – Attackers can go about their business undisturbed without anyone noticing
Am I safe if I do not have any vulnerabilities from the OWASP top 10?
Not necessarily. The top ten are the most common web application vulnerabilities. This means that the vulnerabilities for other assets such as domain controllers, printers or workplaces can be very different. In addition, they are the 10 most common, not the only 10.
Is the Website Security Check tested for the OWASP top 10?
Yes, all CyberAnt products test for the OWASP top 10. In addition, the Website Security Check also checks for vulnerabilities that are not in the OWASP top 10.