Web application security is a key concern for any organization that develops or uses web applications. The software security community created the Open Web Application Security Project (OWASP) to help educate developers and security professionals on the latest web application security risks. Tenable has published reports for each OWASP version that has been released (2010,2013,2017, API 2019, and 2021). The individual reports provide organizations the ability to monitor web applications by identifying the top 10 most critical web application security risks as described in OWASP's Top 10 Application Security Risks document for the OWASP version being utilized.
The OWASP Top 10 Application Security Risks document outlines several different aspects of web-based security concerns, such as Cross-Site Scripting attacks (XSS), security misconfigurations, and sensitive data exposure. The focus of the OWASP Top 10 is to reduce risk across the most vulnerable business assets across the internet. Following these guidelines empowers organizations to reduce risk of organizational and consumer data theft.
Administrators need to ensure that their organization is not vulnerable to any of the attacks identified in the OWASP Top 10 Application Security Risks document for the relevant OWASP version being currently being used. Compliance related issues, such as known vulnerable components and insufficient logging, must be remediated to eliminate gaps in an organization's security that are not directly tied to exploitable attacks.
This report covers all aspects of the OWASP Top 10 version being utilized and provides administrators the tools and information needed to aid their efforts. The report contains 10 chapters, each aligned with one of the ten most critical web application risks (A1-A10). The information provides guidance to organizations on the actions necessary to mitigate business risk through strong security practices. The report requirements are Tenable Web App Scanning.
The OWASP Top 10 categories are updated every 3 to 4 years and highlight the most critical web application security vulnerabilities. The following report templates are available and contain sections for each of the listed OWASP Top 10 categories.
- OWASP Categories 2010 - For 2010, the OWASP Top 10 focuses on Injection, Cross-Site Scripting (XSS), and Broken Authentication in the top three positions.
- OWASP Categories 2013 - For 2013, the OWASP Top 10 focuses on Injection, Broken Authentication and Session Management in the top three positions.
- OWASP Categories 2017 - For 2017, the OWASP Top 10 focuses on Injection, Broken Authentication, and Sensitive Data Exposure in the top three positions.
- OWASP Categories API 2019 - For 2019, the OWASP Top 10 focuses on Broken Object Level Authorization, Broken User Authentication, and Excessive Data Exposure in the top three positions.
- OWASP Categories 2021 - For 2021, the OWASP Top 10 focuses on Broken Access Control, Cryptographic Failures, and Injection in the top three positions.