90% of applications have been tested for some form of misconfiguration. With the increase in highly configurable software, it is not surprising that this category is growing. The previous category of XML External Entities (XXE) is now part of this category.
In this category, 20 CWEs (Common Weakness Enumeration) have been mapped, and during OWASP testing, as many as 208k occurrences of these CWEs were collected.
The most important CWEs are CWE-16 Configuration and CWE-611 Improper Restriction of XML External Entity Reference.

| OWASP Top 10 Application Security Risks - 2021 | Reference |
|---|---|
| A05:2021 – Security Misconfiguration | OWASP |

Without a consolidated and repeatable process for configuring application security, systems are at higher risk.

Francesco Ongaro