OWASP Top 10 2021 mapped to SANS 25 and MITRE CWE
OWASP Top 10 2021
The OWASP Top 10 is a standard awareness document for developers and web application security, which
"represents a broad consensus about the most critical security risks to web applications."
The list has been successful because it is easy to understand and master, it helps
users prioritize risk, and it’s litigable.
The OWASP Top 10 focuses on the most critical threats, rather than specific susceptibilities.
Threats are a more stable measure of risk because they persist over time, and they
provide a framework for thinking about possible attacks and vulnerability trends.
https://owasp.org/Top10/A00_2021_Introduction/
MITRE and SANS 2021
The 2021 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses (CWE Top 25)
is a demonstrative list of the most common and impactful issues experienced over the previous two
calendar years. These weaknesses are dangerous because they are often easy to find and exploit, and can
allow adversaries to completely take over a system, steal data, or prevent an application from
working. The CWE Top 25 is a valuable community resource that can help developers, testers, and
users — as well as project managers, security researchers, and educators — provide insight into the
most severe and current security weaknesses.
MITRE partnered with the SANS Institute to develop the CWE/25, a list of the 25 most critical
software vulnerabilities. A similar list is provided in the Open Web Application Security Project
(OWASP) Top 10 Project, which is also a community-driven compilation of software vulnerabilities.
Although the CWE/25 and OWASP Top 10 are different, they share many of the same vulnerabilities.
Here is a list of the OWASP Top 10 entries for 2021 and their corresponding CWEs.
See https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
And https://www.sans.org/top25-software-errors/
OWASP Top 10 | CWE |
---|---|