2021

🎁Introduction

🎁A01 - 2021: Broken Access Control

🧱A02 - 2021: Cryptographic Failures

🎁A03 - 2021: Injection

❗A04 - 2021: Insecure Design

🧱A05 - 2021: Security Misconfiguration

🎁A06 - 2021: Vulnerable and Outdated Components

🎁A07 - 2021: Identification and Authentication Failures

❗A08 - 2021: Software and Data Integrity Failures

🧱A09 - 2021: Security Logging and Monitoring Failures

❗A10 - 2021: SSRF (Server side request forgery)

Changes

The following are gone:

XXE

XSS

Insecure deserialization

The following are all new:

Insecure design

Software and Data Integrity failures

SSRF

The following changed spots

A05:2017-BAC > A01:2021 BAC

A03:2017-Sensitive data exposure > A02:2021 - Cryptographic failures

A06:2017-Sec. Misconfig > A05:2021- Sec. misconfig

A09:2017-Known vulnerabilities > A06:2021-Vulnerable and outdated components

A10:2017 insufficient logging and monitoring > A09:2021-Insufficient logging and monitoring

A01:2017-Injection > A03:2021 Injection

A02:2017-Broken Authentication > A07:2021 Identification and Authentication Failures