For years, organizations around the world have used the OWASP Top 10 to guide them towards securing web applications, but as the threat landscape evolves and becomes increasingly sophisticated, is it enough?
The short answer is no. OWASP recognises that its Top 10 doesn’t necessarily reflect every important software vulnerability to be addressed and so should organizations. In the 2021 release the methodology selects 8 of the 10 categories from contributed, analysed data and the remaining 2 from a high level industry survey. It takes time to find new vulnerabilities and ways to effectively test them, and often tools used to detect flaws are configured to common vulnerabilities. Secure Code Warrior delves into the OWASP Top 10 to offer a perspective on what organizations should prioritize when building a software security program.