Home › BCA Cyber Security › cybersecurity › Web Security — OWASP › Which OWASP Top 10 2021 category occupies the #1…
Which OWASP Top 10 2021 category occupies the #1 position?
AInjection
BSecurity Misconfiguration
CCross-Site Scripting (XSS)
DBroken Access Control
Answer & Solution
Correct answer: D. Broken Access Control
1. OWASP Top 10 2021 ranks BROKEN ACCESS CONTROL as A01 — the #1 risk.
2. Moved up from #5 in 2017 due to its prevalence: 94% of applications tested had some form of broken access control.
3. Examples: a regular user accessing /admin endpoints, IDOR (changing ?id=42 to ?id=43 to see another user's data), missing access checks on API calls.
4. Mitigation: enforce access controls SERVER-SIDE on every request, deny by default, log access control failures.
5. INJECTION (option A) is A03 in 2021. XSS is now grouped INTO Injection. Misconfiguration is A05.
_Source: OWASP Top 10 2021 — A01: Broken Access Control._
Related questions
What does HTTPS provide over plain HTTP?Which OWASP category covers using libraries with KNOWN CVEs?OWASP recommends LOGGING and MONITORING for the SECURITY LIFECYCLE becauseAn IDOR (Insecure Direct Object Reference) attack happens whenCROSS-SITE REQUEST FORGERY (CSRF) is best mitigated byWhich mitigation is the SINGLE most effective defense against SQL Injection?SERVER-SIDE REQUEST FORGERY (SSRF) — A10 in OWASP 2021 — happens whenWhat does the SECURITY MISCONFIGURATION category (A05 in 2021) typically include?