Videos

John starts out explaining what the OWASP Top 10 is. He highlights themes like risk re-orientation around symptoms and root causes, new risk categories, and modern application architectures. Follow along for a video on each of the Top 10 risks.

94% of tested apps showed some form of broken access control. Failures can result in unauthorized disclosure, modification or destruction of data, and privilege escalation—and lead to account takeover (ATO), data breach, fines, and brand damage.

Cryptographic failures, previously known as "Sensitive Data Exposure", lead to sensitive data exposure and hijacked user sessions. Despite widespread TLS 1.3 adoption, old and vulnerable protocols are still being enabled.

Injection is a broad class of attack vectors where untrusted input alters app program execution. This can lead to data theft, loss of data integrity, denial of service, and full system compromise. Injection is no longer the top risk, but still formidable.

Security needs to be inherent to applications. A secure design can still have implementation defects leading to vulnerabilities. An insecure design can’t be fixed by perfect implementation.

Security Misconfiguration is a major source of cloud breaches. Learn what to do and avoid—as modern app development, software re-use, and architectural sprawl across clouds increases this risk.

Open Source software exploits are behind many of the biggest security incidents. The recent Log4j2 vulnerability is perhaps the most serious risk in this category to date.

It is critical to confirm identity and use strong authentication and session management to protect against business logic abuse. Most authentication attacks trace to continued use of passwords. Compromised credentials, botnets, and sophisticated tools provide an attractive ROI for automated attacks like credential stuffing.

This new risk category focuses on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. The SolarWinds supply-chain attack is one of the most damaging we've seen.