Why the updated OWASP Top 10 list can’t be addressed by WAF?

Did you know that OWASP published its updated Top 10 web vulnerabilities list? And that it includes updates that could impact the design and functionality of your WAF solution?

l7 defense whitepaper

Note that the preliminary API risk factors published by OWASP are not aligned anymore with the current challenges, in order to give you a rundown of what is going with the latest OWASP list we have launched our new whitepaper.

Whitepaper highlights:

  • OWASP added A04:2021-Insecure Design focusing on risks related to design flaws
  • OWASP added A08:2021-Software and Data Integrity Failures focusing on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity
  • OWASP added A10:2021-Server-Side Request Forgery
  • AF solutions cannot address one of the most common attacks already used in API-driven breach events

This whitepaper is no longer available.


More about

Don't miss