OWASP celebrated its 20th anniversary last week with a 24-hour webinar that saw the organization officially launch the top 10 web security vulnerabilities for 2021.
The online conference, which took place on September 24-25, saw speakers from across the globe present on topics including privacy, infosec industry trends, and diversity in the workplace.
During a session on Friday afternoon, Andrew van der Stock, executive director at OWASP, presented the revised top 10 to event attendees.
As previously reported by The Daily Swig, this year’s top 10 contains important changes to how the non-profit categorizes today’s web app threats, which have not been refreshed since 2017.
Addressing these changes, van der Stock told the audience that while injection attacks were once thought to be the number one web security risk, this category has been downgraded to number three.
In its place is ‘broken access control’, which has moved up from the fifth position to the number-one threat to web app security.