On its 20th anniversary, the Open Web Application Security Project (OWASP) released the final version of their revised Top 10 list of the most critical risks to web applications, which includes three new categories, as well as position shifts compared to the previous report, released in 2017.
In OWASP Top 10 2021, Broken Access Control has taken the lead as the category with the most serious web application security risks. The category was fifth in the previous version.