
Hey – how did you get in here? Number one app security weakness of 2021 was borked access control, says OWASP
2021-09-10 18:35

The Open Web App Security Project has released its Top Ten list of vulnerabilities in web software, as part of the general movement to make software less painfully insecure at the design stage.

This year's current number one web app security flaw is Broken Access Control, with OWASP glumly noting: "The 34 CWEs* mapped to Broken Access Control had more occurrences in applications than any other category."

Non-specific examples OWASP cited include failure to validate user credentials for browser-based access to admin pages.
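As an added illustration of the admin-page example above (not code from OWASP or The Register), the snippet below shows the flawed pattern, a check that only confirms a session exists, beside a deny-by-default check that also verifies the caller's role; the routes, roles and users are constructed for the example.

```python
"""Added example: authentication mistaken for authorization on admin
pages, and a deny-by-default fix. All routes/roles/users are constructed."""
import posixpath
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    roles: frozenset = field(default_factory=frozenset)


# Constructed policy: top-level path segment -> roles that may reach it.
# Any segment not listed here is denied to everyone (deny by default).
ROUTE_POLICY = {
    "admin": {"admin"},
    "account": {"user", "admin"},
    "public": {"anonymous", "user", "admin"},
}


def top_segment(path):
    """Normalise the path first so '/public/../admin' is seen as 'admin'."""
    clean = posixpath.normpath(path)  # collapses '..' and repeated '/'
    parts = clean.strip("/").split("/")
    return parts[0] if parts else ""


def broken_is_allowed(user, path):
    """Flawed check: 'logged in' is treated as 'authorised'. Any
    authenticated user reaches /admin, and a raw prefix test is fooled by
    '/public/../admin/...' because the path is never normalised."""
    if path.startswith("/public/"):
        return True
    return user is not None  # no role check: broken access control


def is_allowed(user, path):
    """Deny-by-default check: the request must map to a policy entry and
    the caller must hold one of the roles that entry requires."""
    roles = user.roles if user is not None else frozenset({"anonymous"})
    required = ROUTE_POLICY.get(top_segment(path))
    if required is None:
        return False  # unmapped path: deny rather than assume it is harmless
    return bool(roles & required)


def audit_line(user, path, allowed):
    """Log line a defender can alert on, e.g. any denied /admin request."""
    who = user.name if user is not None else "anonymous"
    verdict = "allow" if allowed else "deny"
    return f"authz user={who} path={path} result={verdict}"
```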

Cryptographic failures were also highlighted by OWASP, coming in at number two on this year's list.

OWASP builds the Top Ten list every year by looking at data from industry about vulnerabilities discovered in web-facing software, combining that with an industry survey asking frontline folk what flaws they've seen over the past year that deserve a wider airing.

Back in 2018 OWASP's then-chairman Martin Knobloch told El Reg that the Top Ten list had been both a blessing and a curse, saying: "A guide on how to validate is not a guide on how to build in security."


News URL

https://go.theregister.com/feed/www.theregister.com/2021/09/10/owasp_top_ten_appsec_list/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Owasp 13 3 12 4 7 26