OWASP Top Ten Application Security Risks - 2017 and 2021


Since 2001, the Open Web Application Security Project (OWASP) has been providing a top ten list of the most critical coding and security flaws in Web development. This list is popularly recognized as a security standard for all Web development.

See the OWASP Top Ten 2017 and OWASP Top Ten 2021 websites for more information.

Relevant Warning Classes

The following accordions show the CodeSonar warning classes that are associated with the OWASP-2017 and OWASP-2021 top ten security rules.


Mapping Summary

|     | Supported | All | Percent Coverage |
|-----|-----------|-----|------------------|
| All | 10        | 10  | 100.0%           |

Mapping Detail

| Rule           | Rule Name                                   | Supported |
|----------------|---------------------------------------------|-----------|
| OWASP-2017:A1  | Injection                                   | Yes       |
| OWASP-2017:A2  | Broken authentication                       | Yes       |
| OWASP-2017:A3  | Sensitive data exposure                     | Yes       |
| OWASP-2017:A4  | XML external entities                       | Yes       |
| OWASP-2017:A5  | Broken access control                       | Yes       |
| OWASP-2017:A6  | Security misconfiguration                   | Yes       |
| OWASP-2017:A7  | Cross site scripting (XSS)                  | Yes       |
| OWASP-2017:A8  | Insecure deserialization                    | Yes       |
| OWASP-2017:A9  | Using components with known vulnerabilities | Yes       |
| OWASP-2017:A10 | Insufficient logging and monitoring         | Yes       |

Mapping Summary

|     | Supported | All | Percent Coverage |
|-----|-----------|-----|------------------|
| All | 8         | 10  | 80.0%            |

Mapping Detail

| Rule           | Rule Name                                 | Supported |
|----------------|-------------------------------------------|-----------|
| OWASP-2021:A1  | Broken access control                     | Yes       |
| OWASP-2021:A2  | Cryptographic failures                    | Yes       |
| OWASP-2021:A3  | Injection                                 | Yes       |
| OWASP-2021:A4  | Insecure design                           | No        |
| OWASP-2021:A5  | Security misconfiguration                 | Yes       |
| OWASP-2021:A6  | Vulnerable and outdated components        | Yes       |
| OWASP-2021:A7  | Identification and authorization failures | Yes       |
| OWASP-2021:A8  | Software and data integrity failures      | Yes       |
| OWASP-2021:A9  | Security logging and monitoring failures  | Yes       |
| OWASP-2021:A10 | Server-side request forgery               | No        |