Read the latest about the OWASP Top Ten from our security experts. Some dive deep into the newest vulnerabilities added to the Top Ten this year, while others talk about what makes the OWASP Top Ten still relevant after all these years.
XML eXternal Entity injection (XXE) is an injection attack that occurs when untrusted XML input referencing an external entity is processed by a weakly configured XML parser. This attack may lead to denial of service, Server Side Request Forgery (SSRF), confidential data disclosure, and other negative impacts. Rather than grouping XXE injection with the other injection vulnerabilities (A1), OWASP decided to single this one out and give it the number four spot (A4)...
The OWASP Top 10 has been leveraged by organizations of all sizes and maturity as an informal Web application standard for over a decade. For it to be relevant though, teams applying it need to understand the goal of the project and risk ranking techniques. The goal of the OWASP Top 10 is not necessarily to identify top vulnerabilities or attacks, but to identify the most serious risks for a broad array of organizations. This is an important distinction because...
The OWASP Top Ten is an expert consensus of the most critical risks facing web applications and the teams who are developing them. Its primary purpose is to raise awareness and provide a framework for prioritizing your application security efforts. You can use the OWASP Top 10 to address the most common attacks and vulnerabilities that expose your organization to attack. Due to the importance of Application Security in reducing overall...