
OWASP Top 10 2021: The most serious web application security risks
2021-09-24 15:43

"We get data from organizations that are testing vendors by trade, bug bounty vendors, and organizations that contribute internal testing data. Once we have the data, we load it together and run a fundamental analysis of what CWEs map to risk categories," the Open Web Application Security Project explains.

OWASP leaves room for direct input from application security and development experts on the front lines because it takes time to develop tests for newly discovered vulnerabilities, and those experts can point to essential weaknesses that the contributed data may not yet reflect.

"A new category for 2021 focuses on risks related to design and architectural flaws, with a call for more use of threat modeling, secure design patterns, and reference architectures. As a community we need to move beyond 'shift-left' in the coding space to pre-code activities that are critical for the principles of Secure by Design," OWASP noted.

"This means we need to change our approach to application security," Sean Wright, Principal Application Security Engineer at Immersive Labs, told Help Net Security.

We need to empower developers to bake security into their design, code, and support efforts, and equip teams with the knowledge to effectively utilize technologies to deliver more secure applications.

Adopting a hybrid human/technology approach to resolving these vulnerabilities will put us in a powerful position to elevate application security and, hopefully, resolve some of the most impactful issues from the last two decades.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/rjJ2iEK6mXY/
