DEV Community

Robertino
Robertino

Posted on

πŸ”“ A Tour Through the OWASP Top 10

πŸ” OWASP has issued an update to its list of the top web app security threats. We'll look at the changes and how they impact your web application environment.


October is National Cyber Security Awareness Month. On top of that, OWASP just celebrated its 20th anniversary. To celebrate, we’re going to run through the newly updated OWASP TOP 10 to remind everyone of how you can better protect your applications, your businesses, and your customers from unlawful and damaging cyber attacks. We’ll also be highlighting where the updates were made and why and throw in some tips on how strengthening your identity solution can help mitigate these threats.

The new Top 10 is still a working draft, and OWASP is soliciting feedback on errors and corrections.

What is OWASP?

The Open Web Application Security Project (OWASP) is a non-profit organization that was set up to help raise awareness around web application security and provides guidance on how to incorporate preventative measures into your applications, infrastructure, and internal processes.

They have several projects, including an insecure JavaScript application used for security training, but the one that we’re focusing on today is the newly updated 2021 edition of their list of the top 10 threats to web app security.

Updated regularly, the OWASP Top 10 lists the main security threats that affect web applications today. Each entry enumerates the threat, shows possible attack vectors, and highlights preventive measures to reduce the risk of such threat. At Auth0, we take steps to mitigate most of the issues outlined below, so when you delegate your authentication needs to us, a lot of this is already taken care of for you.

Let’s run through the list, looking at the threats and what we could be doing to make sure our own applications are secure and examining some features of the Auth0 platform that help to mitigate or entirely remove such threats.

For a high-level overview of the list updates, please refer to this handy chart, provided by OWASP:

A Tour Through the OWASP Top 10

Read more...

Discussion (0)