VScanner's Knowledge Base
List of OWASP TOP 10 vulnerabilities for 2021-2022


Last updated 11 months ago

Open Web Application Security Project (OWASP) is a nonprofit foundation that aims to improve software security by publishing industry standards, articles, tools, and documents. An example of the kind of tools it provides is the OWASP Framework, which combines risk assessment and static application security testing tools.

Every three to four years, OWASP updates its list of top ten application security risks in light of prevailing application security dynamics and the overall threat landscape. The top ten are ranked in order of risk level.

The methodology uses a combination of data-driven analysis and industry surveys to establish a list of the ten most significant application security vulnerabilities:

  • The data side gathers information from over 200,000 organizations about web application vulnerabilities found in various processes and uses this information to identify eight of the top ten critical security risks.

  • The remaining two risks are gleaned from surveying industry professionals and asking them to rank the most important web app security risks.

The most recent OWASP Top 10 update, from 2021, carries over to 2022. The 2021 update adds three new categories of risk to the previous update from 2017, along with some consolidation and renaming. These are the OWASP Top 10 vulnerabilities for 2021-2022:
  • A01 Broken Access Control
  • A02 Cryptographic Failures
  • A03 Injection
  • A04 Insecure Design
  • A05 Security Misconfiguration
  • A06 Vulnerable and Outdated Components
  • A07 Identification and Authentication Failures
  • A08 Software and Data Integrity Failures
  • A09 Security Logging and Monitoring Failures
  • A10 Server-Side Request Forgery (SSRF)