We're happy to celebrate the 20th birthday of the Open Web Application Security Project, one of the major open-source resources helping developers better understand and practice web security. The Foundation is holding right now a 24-hour global event you can attend for free here.
To quote the Foundation, it is “Globally recognized by developers as the first step towards more secure coding.”
The online community has become over the years a reference regarding methodologies, best practices, tools, and open-source intelligence in the field of web application security.
It produces a lot of freely available resources, most notoriously the OWASP Top Ten list which aims to identify what are the most critical risks web companies are facing.
The famous list of the top 10 web applications vulnerabilities just got updated for the first time since 2017. Here is our analysis of the main changes it has undergone:
Spoiler: one of the most notable changes is the Sensitive Data Exposure renaming as Cryptographic Failures, up one place to #2 top vulnerability in the list. The reason invoked is that sensitive data exposure is considered a “broad symptom rather than a root cause”. While not a cryptographic failure, secrets leaked in version control systems belong to this category.
The maintainers are asking for feedback, comments, and peer-reviewing from the OS community. You too can leave your mark and contribute here.
Over the past 20 years, the web security landscape has dramatically evolved, growing along with the very first generation of web applications to the actual high-scale mesh of services in the cloud.
It is fair to say that OWASP has been a beacon for millions of developers to find their way in this increasingly complex application security world and, at GitGuardian, we share this mission and hope to contribute to it as well!
Long live OWASP!