Thoughts on the OWASP Top 10

This year’s OWASP Top 10 has undergone a major restructuring. A few vendors shared their thoughts.

The recently released OWASP Top 10 – a summary of the main attack vectors used by ne’er-do-wells – took a somewhat different approach than in previous years. As the report states, “This Top 10 slice is more data-driven than ever, but not blindly. We selected eight of the ten categories from the data provided and two categories from the Top 10 community survey. We do this for a fundamental reason: to look at the data provided is to look into the past. AppSec researchers take the time to find new vulnerabilities and new ways to test them. It takes time to integrate these tests into tools and processes. By the time we can reliably test a large-scale weakness, years have probably passed. To balance this view, we use a community survey to ask experts on the front lines of security and application development what they see as critical weaknesses that the data may not yet show.”

The report continues: “There are three new categories, four categories with name and scope changes, and some consolidation in the Top 10 for 2021. We have changed the names where necessary to focus on the root cause rather than the symptom.”

Matias Madou, Co-founder and CTO of Secure Code Warrior, notes: “The latest version of the OWASP Top 10 revealed significant upheaval, with injection flaws finally being eliminated from first place in favor of broken access control vulnerabilities. This is great news for sure, but the most important consideration is that the list replaces most unique attack techniques with entire families of vulnerabilities.

“It has become increasingly clear that the basic security design is failing. This gives way to architectural vulnerabilities that can be beneficial to threat actors, especially if they are not addressed after the security flaw in a particular version of an application has been made public.

“The problem is that few engineers receive training that goes beyond the basics. Even fewer are those whose knowledge and practical application extend beyond the localized code-level bugs that are typically introduced by the developer in the first place. For every code weakness found, more complex architectural flaws will go unnoticed by most security technologies, regardless of the number of shields and automated weapons in the arsenal. The updated OWASP Top 10 list proves that developer training horizons need to expand quickly to achieve what bots cannot.”

A spokesperson for Skillsoft agrees: “Knowing that learners are increasing the amount of security training they take is valuable, but it begs the question of where they spend their time. Looking at the 10 most frequently taken security courses so far in 2021, OWASP Top 10 related lessons take the top spot, followed by the fundamentals of cloud security, which could be attributed to the COVID-19 pandemic that has triggered a rapid global transition to the cloud.”

“But,” Madou continues, “like all things worth fighting for, the 2021 list represents a foundation the industry must build on for truly best-in-class security practices – not an end point, and certainly not something that can happen overnight. The threat landscape is so rapid that there needs to be a deeper, more specific plan to improve developer skills in security. Not doing so will inevitably result in missed opportunities to remediate threats to an organization.

“If the cybersecurity skills gap is ever to narrow, we need to start expanding the net by developing developer skills and positively impacting software security in the face of crazy demand for secure code.”

Also, for readers who want a simplified view of the OWASP Top 10, Immersive Labs has developed a ‘memory aid’.
