{"id":47624,"date":"2022-09-20T11:42:42","date_gmt":"2022-09-20T09:42:42","guid":{"rendered":"https:\/\/cyberant.com\/owasp-top-10\/"},"modified":"2023-04-12T15:42:38","modified_gmt":"2023-04-12T13:42:38","slug":"owasp-top-10","status":"publish","type":"post","link":"https:\/\/cyberant.com\/en\/owasp-top-10\/","title":{"rendered":"The Owasp Top 10"},"content":{"rendered":"\n<section  class='av_textblock_section av-l8a05obf-347d6e6507c32cb6e7ea81ccfae64e26 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h1>The OWASP top 10<\/h1>\n<\/div><\/section>\n\n<section  class='av_textblock_section av-l8a05ehf-548020d81690ce57cae78674f4d062c3 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><div class=\"entry-content\">\n<p id=\"tw-target-text\" class=\"tw-data-text tw-text-large 
XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><span lang=\"en\">The OWASP top 10 is a list of the most common vulnerabilities in web applications. The list is updated periodically on the basis of the developments of the past year.<\/span><\/p>\n<p class=\"tw-data-text tw-text-large XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><strong><span lang=\"en\">What is OWASP?<\/span><\/strong><\/p>\n<p class=\"tw-data-text tw-text-large XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><span lang=\"en\"><a href=\"https:\/\/www.owasp.org\/index.php\/Main_Page\" target=\"_blank\" rel=\"noopener\">OWASP<\/a>\u00a0is an organization committed to a safer world. OWASP stands for Open Web Application Security Project.<\/span><\/p>\n<p class=\"tw-data-text tw-text-large XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><strong><span lang=\"en\">What does the OWASP top 10 consist of?<\/span><\/strong><\/p>\n<p class=\"tw-data-text tw-text-large XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><span lang=\"en\">The most common vulnerabilities according to OWASP are:<\/span><\/p>\n<ol>\n<li>Broken Access Control \u2013 The application does not protect sensitive functionality or data. For example, a user who is not logged in can view sensitive information, or a user can change another person\u2019s data<\/li>\n<li>Cryptographic Failures \u2013 Confidential information is not encrypted, or not encrypted properly. Under the GDPR it is mandatory to protect sensitive data in transit and, in some cases (such as medical data or credit card data), also at rest<\/li>\n<li>Injection \u2013 Attackers can inject malicious code. 
These include, for example,\u00a0<a href=\"https:\/\/cyberant.com\/en\/knowledge-base-item\/what-is-xxs\/\">XSS<\/a>,\u00a0<a href=\"https:\/\/cyberant.com\/en\/knowledge-base-item\/blind-sql-injection\/\">SQL injection<\/a>\u00a0and\u00a0<a href=\"https:\/\/cyberant.com\/en\/knowledge-base-item\/what-is-path-traversal\/\">path traversal<\/a><\/li>\n<li>Insecure Design \u2013 Security was not taken into account when the system architecture was designed<\/li>\n<li>Security Misconfiguration \u2013 The system is configured insecurely<\/li>\n<li>Vulnerable and Outdated Components \u2013 The system uses standard (third-party) components that contain known vulnerabilities. As a result, those publicly known vulnerabilities are also present in the custom application built on top of them<\/li>\n<li>Identification and Authentication Failures \u2013 Weaknesses in the login process allow attackers to gain access to accounts, for example a lack of protection against brute-force attacks or allowing credentials such as \u201cadmin\/admin\u201d<\/li>\n<li>Software and Data Integrity Failures \u2013 The system assumes that received data, such as an update file, can be trusted, without verifying that it has not been modified<\/li>\n<li>Security Logging and Monitoring Failures \u2013 Attackers can go about their business without anyone noticing<\/li>\n<li><a href=\"https:\/\/cyberant.com\/en\/knowledge-base-item\/wat-is-server-side-request-forgery-ssrf\/\">Server Side Request Forgery (SSRF)<\/a>\u00a0\u2013 The application can be made to send a request that it should not send.<\/li>\n<\/ol>\n<p><strong>What\u2019s new in the OWASP top 10 2021 update?<\/strong><\/p>\n<p>The OWASP top 10 has recently been updated. The order has changed and a number of categories have been merged, creating room for new entries. The big newcomer (albeit in 10th place) is Server-Side Request Forgery (SSRF). Curious about what SSRF is all about? 
We explain it in our\u00a0<a href=\"https:\/\/cyberant.com\/en\/knowledge-base-item\/wat-is-server-side-request-forgery-ssrf\/\" target=\"_blank\" rel=\"noopener\">knowledge base article<\/a>.<\/p>\n<img class=\"centreerimg aligncenter size-medium wp-image-44554\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2020\/08\/mapping.png\" alt=\"OWASP Top 10 mapping\" width=\"600\" height=\"166\" \/>\n<p class=\"tw-data-text tw-text-large XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><strong><span lang=\"en\">Am I safe if I do not have any vulnerabilities from the OWASP top 10?<\/span><\/strong><\/p>\n<p class=\"tw-data-text tw-text-large XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><span lang=\"en\">Not necessarily. The top 10 lists the most common web application vulnerabilities. This means that the vulnerabilities of other assets, such as domain controllers, printers or workstations, can be very different. In addition, these are the 10 most common vulnerabilities, not the only ones.<\/span><\/p>\n<p class=\"tw-data-text tw-text-large XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><strong><span lang=\"en\">Does the Website Security Check test for the OWASP top 10?<\/span><\/strong><\/p>\n<p class=\"tw-data-text tw-text-large XcVN5d tw-ta\" dir=\"ltr\" data-placeholder=\"Vertaling\"><span lang=\"en\">Yes, all CyberAnt products test for the OWASP top 10. In addition, the\u00a0<a href=\"https:\/\/cyberant.com\/en\/website-security-check\/\" rel=\"noopener\">Website Security Check<\/a>\u00a0also checks for vulnerabilities that are not in the OWASP top 10.<\/span><\/p>\n<p><strong>Does a Pentest check for the OWASP top 10?<\/strong><\/p>\n<p>Yes, the\u00a0<a href=\"https:\/\/cyberant.com\/en\/pentest\/\">pentest<\/a>\u00a0checks for the OWASP top 10, but also for other known vulnerabilities. 
In addition, we look for vulnerabilities that have not yet been found by anyone, the so-called zero-days.<\/p>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":11,"featured_media":47625,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[206,195,216],"tags":[210,211,182,212,213,192,214],"class_list":["post-47624","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","category-hacken","category-knowledge-base","tag-broken-access-control-en","tag-cryptographic-failures-en","tag-cyber-security-en","tag-insecure-design-en","tag-open-web-application-security-project-en","tag-owasp-en","tag-security-misconfiguration-en"],"_links":{"self":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/47624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/comments?post=47624"}],"version-history":[{"count":0,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/47624\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media\/47625"}],"wp:attachment":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media?parent=47624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/categories?post=47624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/tags?post=47624"}],"curies":[{"name":"wp","href":"https:\/\/api.w
.org\/{rel}","templated":true}]}}