Read the book CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Page 42
OWASP Top 10 (2021)
The OWASP Top 10 flaws were updated in 2021. Many of the flaws were relabeled and regrouped, with a few changes to the order of the most common flaws:
A01:2021-Broken Access Control: Broken access control moved up from the fifth most common flaw in 2017 to the most common flaw in 2021.
A02:2021-Cryptographic Failures: Previously known as Sensitive Data Exposure in 2017, this common flaw was renamed Cryptographic Failures and was also moved to the second most common web application flaw in 2021.
A03:2021-Injection: Injection attacks have moved down to the third most common flaw in 2021. This flaw also encompasses the cross-site scripting (XSS) category from 2017.
A04:2021-Insecure Design: Insecure design is a new category in 2021 and covers risk-related design flaws in applications. This new category looks to improve on the use of threat modeling and secure design patterns and principles during the development of the application.
A05:2021-Security Misconfiguration: Security Misconfiguration includes the Security Misconfiguration and XML External Entities (XXE) flaws from the 2017 Top 10 list.
A06:2021-Vulnerable and Outdated Components: This Top 10 category for 2021 is a relabeled version of the Using Components with Known Vulnerabilities flaw in 2017. Note that this flaw has moved up three spots in 2021!
A07:2021-Identification and Authentication Failures: This category was known as Broken Authentication in the 2017 Top 10 listing. Note that it has been renamed and also fell to the seventh position in 2021.
A08:2021-Software and Data Integrity Failures: Another new category for the 2021 Top 10 security flaws list, this flaw pertains to failures when verifying the integrity of components when applying software updates or updates to critical data. Note that Insecure Deserialization from 2017 is included in this category.
A09:2021-Security Logging and Monitoring Failures: Logging and Monitoring has moved up one position in 2021.
A10:2021-Server-Side Request Forgery: A new category for the 2021 Top 10 list is Server-Side Request Forgery. This security flaw enables attackers to invoke requests from a vulnerable web application to another system.