Statistics-Based OWASP Top 10 2021 Proposal

Read the original article: Statistics-Based OWASP Top 10 2021 Proposal


Everybody knows the OWASP Top 10 as well as the fact that it gets updated only every other 3-4 years. With the last update published in 2017, it’s no surprise that a new version is coming this year. During my application security career, I saw OWASP Top 10 at least in 2003, 2004, 2007, 2010, 2013, and 2017. 

Since the OWASP creation process is not documented well, it seems reasonable to build an open and transparent rating for the same categories based on a large number of security reports.


Read the original article: Statistics-Based OWASP Top 10 2021 Proposal