Top 10 web application vulnerabilities in 2021–2023
To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project (OWASP) online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilities was different. Being curious, we decided to find out just how big the difference was. That’s why we set up our own rankings that reflected our take on the most widespread and critical web application vulnerabilities as viewed through a prism of eight years’ experience.
We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Most of the web applications were owned by companies based in Russia, China and the Middle East.
Almost half of the applications (44%) were written in Java, followed by NodeJS (17%) and PHP (12%). More than a third (39%) used the microservice architecture.
