Security News > 2021 > September > OWASP updates top 10 list with decades old security risk in #1 spot
2021 list shows how far application security has come and how much work is left to do.
Security expert and Veracode CTO Chris Wysopal identified broken access control as a security risk in 1996.
Despite the longevity of that risk, Wysopal describes the latest list as on the leading edge of security best practices with the emphasis on monitoring the software supply chain at the macro and micro levels.
Sean Wright, principal application security engineer at Immersive Labs, said the updated list shows how far appsec has come and how far the work still needs to go.
Wright said adopting a hybrid human/technology approach to resolving these vulnerabilities will improve application security and, hopefully, resolve some of the most impactful issues from the last two decades.
Rews said new categories like Insecure Design and Software and Data Integrity Failures reinforce two major industry trends: the move to perform security testing from the early stages of development and the recent focus on software supply chain security.