This installment of the Top 10 is more data-driven than ever but not blindly data-driven.

One of the highest weighted impacts from Common Vulnerability and Exposures/Common Vulnerability Scoring System (CVE/CVSS) data mapped to the 10 CWEs in this category. A8:2017-Insecure Deserialization is now a part of this larger category.

A09:2021-Security Logging and Monitoring Failures was previously A10:2017-Insufficient Logging & Monitoring and is added from the Top 10 community survey (#3), moving up from #10 previously. This category is expanded to include more types of failures, is challenging to test for, and isn't well represented in the CVE/CVSS data. However, failures in this category can directly impact visibility, incident alerting, and forensics.

A10:2021-Server-Side Request Forgery is added from the Top 10 community survey (#1). The data shows a relatively low incidence rate with above-average testing coverage, along with above-average ratings for Exploit and Impact potential. This category represents the scenario where the security community members are telling us this is important, even though it's not illustrated in the data at this time.