OWASP Top Ten Application Security Risks - 2017 and 2021

Overview

Since 2003, the Open Web Application Security Project (OWASP) has published the OWASP Top Ten, a list of the most critical security risks to web applications, and has revised it periodically (the 2017 and 2021 editions are covered here). The list is widely used as a baseline awareness document for web development and is commonly referenced by security standards and compliance requirements.

See the OWASP Top Ten 2017 and OWASP Top Ten 2021 pages on the OWASP website for more information.

Relevant Warning Classes

The following tables summarize how CodeSonar warning classes map to the OWASP Top Ten 2017 and 2021 categories, and which categories are covered.

Mapping Definition

The tables below are derived from our broad mapping, which, for a given warning class and category kind, combines categories from four sources:

  1. The close mapping for the class.
  2. Other categories of that kind that are related to the class in a meaningful way but not eligible for the close mapping. Usually this indicates substantial overlap between the category and the warning class, but overlap that cannot be characterized as a subset or superset relationship.
  3. If the category kind is hierarchical (of the current category taxonomies, only CWE has this property): for all categories from sources 1 and 2, all ancestors in the taxonomy hierarchy.
  4. In a small number of cases, all descendants of a hierarchical category from source 1 or 2 are also applicable to the class. In these cases the descendants are also added to the broad mapping.
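The four-source rule above is easy to get subtly wrong (ancestors must be taken for both the close and the related categories, descendants only for categories explicitly flagged for it). The following is an added illustration of that rule, not CodeSonar's own code: the CWE hierarchy slice, the warning-class inputs and the function names are constructed for this example.

```python
"""Build a 'broad' category mapping from a 'close' mapping, following the
four-source rule: close categories, related categories, all their ancestors
in a hierarchical taxonomy (CWE), and, for flagged categories, descendants.

Added example; not CodeSonar's code. The hierarchy below is a small
constructed slice of the CWE 'child of' relation used only for illustration.
"""
from collections import defaultdict

# Constructed taxonomy slice: category -> list of parents.
# A category may have several parents, as in the real CWE tree.
PARENTS = {
    "CWE-707": [],            # Improper Neutralization (pillar)
    "CWE-74":  ["CWE-707"],   # Injection
    "CWE-943": ["CWE-74"],    # Improper Neutralization in Data Query Logic
    "CWE-89":  ["CWE-943"],   # SQL Injection
    "CWE-77":  ["CWE-74"],    # Command Injection
    "CWE-78":  ["CWE-77"],    # OS Command Injection
    "CWE-88":  ["CWE-77"],    # Argument Injection
    "CWE-79":  ["CWE-74"],    # Cross-site Scripting
}


def _closure(start, neighbours):
    """Transitive closure of `start` under the `neighbours` relation."""
    seen, stack = set(), list(neighbours.get(start, []))
    while stack:
        cat = stack.pop()
        if cat not in seen:
            seen.add(cat)
            stack.extend(neighbours.get(cat, []))
    return seen


def ancestors(category, parents=PARENTS):
    """All transitive ancestors of a category (source 3)."""
    return _closure(category, parents)


def descendants(category, parents=PARENTS):
    """All transitive descendants of a category (source 4)."""
    children = defaultdict(list)
    for child, ps in parents.items():
        for p in ps:
            children[p].append(child)
    return _closure(category, children)


def broad_mapping(close, related, expand_descendants=(), hierarchical=True,
                  parents=PARENTS):
    """Combine the four sources into one broad category set.

    close                -- source 1: the close mapping for the warning class
    related              -- source 2: meaningfully overlapping categories
    expand_descendants   -- source 4: categories (from close/related) whose
                            whole subtree also applies to the class
    hierarchical         -- False for flat taxonomies such as OWASP Top Ten,
                            where sources 3 and 4 do not apply
    """
    broad = set(close) | set(related)                 # sources 1 and 2
    if not hierarchical:
        return broad
    for cat in list(broad):                           # source 3
        broad |= ancestors(cat, parents)
    for cat in expand_descendants:                    # source 4
        if cat in close or cat in related:            # only for source 1/2 cats
            broad |= descendants(cat, parents)
    return broad


if __name__ == "__main__":
    # Constructed warning class "OS command injection": close mapping CWE-78,
    # related CWE-88 (argument injection overlaps, but neither contains the other).
    print(sorted(broad_mapping({"CWE-78"}, {"CWE-88"})))
    # Constructed generic "command injection" class whose whole subtree applies.
    print(sorted(broad_mapping({"CWE-77"}, set(), expand_descendants=["CWE-77"])))
    # Flat taxonomy: OWASP categories get no ancestor or descendant expansion.
    print(sorted(broad_mapping({"OWASP-2021:A3"}, set(), hierarchical=False)))
```

Note that source 4 is applied only to categories that came from sources 1 or 2, never to ancestors added by source 3; expanding an ancestor such as CWE-74 would pull in unrelated injection classes and defeat the purpose of the close mapping.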
OWASP-2017

Mapping Summary

         Supported   All   Percent Coverage
All      10          10    100.0%

Mapping Detail

Rule             Rule Name                                      Supported
OWASP-2017:A1    Injection                                      Yes
OWASP-2017:A2    Broken authentication                          Yes
OWASP-2017:A3    Sensitive data exposure                        Yes
OWASP-2017:A4    XML external entities (XXE)                    Yes
OWASP-2017:A5    Broken access control                          Yes
OWASP-2017:A6    Security misconfiguration                      Yes
OWASP-2017:A7    Cross-site scripting (XSS)                     Yes
OWASP-2017:A8    Insecure deserialization                       Yes
OWASP-2017:A9    Using components with known vulnerabilities    Yes
OWASP-2017:A10   Insufficient logging and monitoring            Yes
OWASP-2021

Mapping Summary

         Supported   All   Percent Coverage
All      9           10    90.0%

Mapping Detail

Rule             Rule Name                                      Supported
OWASP-2021:A1    Broken access control                          Yes
OWASP-2021:A2    Cryptographic failures                         Yes
OWASP-2021:A3    Injection                                      Yes
OWASP-2021:A4    Insecure design                                Yes
OWASP-2021:A5    Security misconfiguration                      Yes
OWASP-2021:A6    Vulnerable and outdated components             Yes
OWASP-2021:A7    Identification and authentication failures     Yes
OWASP-2021:A8    Software and data integrity failures           Yes
OWASP-2021:A9    Security logging and monitoring failures       Yes
OWASP-2021:A10   Server-side request forgery (SSRF)             No