OWASP updates top 10 vulnerability ranking for first time since 2017
The nonprofit foundation Open Web Application Security Project (OWASP) has released an updated draft of its ranking of the top 10 vulnerabilities, the first changes to the list since November 2017.
The new list features considerable changes, including the emergence of Broken Access Control, which moved from fifth on the list to number 1. The organization said 94% of applications have been tested for some form of broken access control and "the 34 CWEs mapped to Broken Access Control had more occurrences in applications than any other category."
Cryptographic Failures also moved up the list to number 2 due to its connection to sensitive data exposure and system compromise. Injection moved down to the third spot, but OWASP noted that 94% of the applications were tested for some form of injection, which now includes cross-site scripting.