diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 000000000..3aa087774
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,32 @@
+name: Build and Deploy 2021
+on:
+ push:
+ branches:
+ - 'master'
+ - 'main'
+jobs:
+ build-and-deploy:
+ permissions:
+ pages: write
+ id-token: write
+ runs-on: ubuntu-latest
+ environment:
+ name: github-pages
+ url: ${{ steps.deployment.outputs.page_url }}
+ steps:
+ - uses: actions/setup-python@v5
+ with:
+ python-version: '3.13'
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Install and Build
+ run: |
+ cd 2021
+ make install-python-requirements
+ make generate-site
+ - name: Upload static files as artifact
+ uses: actions/upload-pages-artifact@v3
+ with:
+ path: 2021/site/
+ - name: Deploy
+ uses: actions/deploy-pages@v4
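Review bot: The job-level `permissions` block at lines 15-17 lists only `pages: write` and `id-token: write`; once a job declares `permissions`, every scope it does not name drops to none, so `actions/checkout@v4` runs without `contents: read` and likely succeeds only because the repository is public — add `contents: read` next to the other two scopes, as GitHub's own deploy-pages example does. The four actions here (and the two in test.yml) are referenced by floating major tags (`@v4`, `@v5`); for a job that holds an OIDC token and publishes the site, pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment removes the possibility of a retagged action running with those rights. A `concurrency:` group with `cancel-in-progress: false` would also stop two quick pushes to master/main from racing each other's deployment. Presumably `2021/site/` is mkdocs' default `site_dir` relative to the `cd 2021` on line 30.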
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 000000000..ee3a009d4
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,35 @@
+name: Test 2021
+on: [push, pull_request]
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/setup-python@v5
+ with:
+ python-version: '3.13'
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Install and Build
+ run: |
+ cd 2021
+ make install-python-requirements
+ make install-python-requirements-test
+ make generate-site
+ # check-links:
+ # runs-on: ubuntu-latest
+ # steps:
+ # - uses: actions/setup-python@v5
+ # with:
+ # python-version: '3.13'
+ # - name: Checkout
+ # uses: actions/checkout@v4
+ # - name: Install and Build
+ # run: |
+ # cd 2021
+ # make install-python-requirements
+ # make install-python-requirements-test
+ # make generate-site
+ # - name: Links validation
+ # run: |
+ # cd 2021
+ # make check-links
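Review bot: There is no `permissions` block at all in this workflow, so the build job receives the repository's default token permissions (read-write unless the repository setting was tightened) although it only installs and builds; add `permissions: contents: read` at the top level, which also covers the `pull_request` trigger from forks on line 46. Lines 62-79 are an entire second job commented out with no indication of why; either drop it or leave a one-line reason above it, e.g. `# check-links disabled: linkcheckmd results not yet stable`, so the dead block does not drift from the live job. The `uses:` references share the tag-pinning point raised on deploy.yml.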
diff --git a/.gitignore b/.gitignore
index eb5fdd225..0ba490df7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -90,4 +90,6 @@ lib/
# Pipenv
Pipfile
-2021/site/0x00-notice/index.html
+
+env
+venv
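Review bot: The new `env`/`venv` patterns do not cover `.venv`, which the README change in this same commit tells contributors to activate (`source .venv/bin/activate`, while the line just before it creates `./venv`); add `.venv` here, and the two README lines should agree on one directory name. As written, `env` and `venv` also match a file or directory of that name at any depth, which is probably intended, but a trailing `/` (`venv/`) makes the directory-only intent explicit.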
diff --git a/2021/Makefile b/2021/Makefile
new file mode 100644
index 000000000..e41ff20be
--- /dev/null
+++ b/2021/Makefile
@@ -0,0 +1,20 @@
+.PHONY: help
+.SILENT:
+
+help:
+ @grep -E '^[a-zA-Z_-]+:.*?# .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?# "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+install-python-requirements: # Install Python 3 required libraries
+ python -m pip install -r requirements.txt
+
+install-python-requirements-test: # Install Python 3 required libraries
+ python -m pip install -r requirements-test.txt
+
+generate-site: # Builds ./2021
+ mkdocs build
+
+serve: # Build and hot-reloads ./2021
+ mkdocs serve
+
+check-links: # Checks for dead links
+ python -m linkcheckmd
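Review bot: The help comment on `install-python-requirements-test` (line 106) is copied verbatim from the target above it, so `make help` prints two identical descriptions for two different targets; change it to `install-python-requirements-test: # Install Python 3 libraries needed for link checking`. `generate-site`'s `# Builds ./2021` (line 109) names the input rather than the output — `# Builds the site into ./site` is what `mkdocs build` does from this directory. The recipes call `python` while the deleted root Makefile and the README use `python3`; in CI `actions/setup-python` provides both, but locally `python` may be missing or an older interpreter on some platforms, so one spelling should be chosen for all three places.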
diff --git a/2021/README.md b/2021/README.md
index 19ca38a82..55447c3df 100644
--- a/2021/README.md
+++ b/2021/README.md
@@ -4,45 +4,38 @@ Final Release
## Building a local copy
-- Install Python 3 for your platform
-- From the main folder, ...
+Make sure Python 3 is installed.
```bash
-make install-python-requirements
-```
-### Prepare a local virtual environment to manage the versions of the required Python libraries for mkdocs
+# Build and activate virtual environment
+python3 -m venv ./venv
+source .venv/bin/activate
-```bash$
-# build and activate venv
-cd 2021
-python3 -m venv .
-source ./bin/activate
-# install all required library versions
+# Install dependencies
pip install -r requirements.txt
-# optionally verify if OWASP OSIB is in your pip list
-pip list | grep osib
-```
-You might need to use ```--break-system-packages``` with pip if it gives you an error.
-
-This installs all requirements including the (OSIB Macro)[https://github.com/OWASP/OSIB]
+# Build HTML
+mkdocs build
+# Browse /2021/site
+```
### Test it locally
-You should test your changes locally:
+Alternatively you can spin up a hot-reloading server:
-```bash
-cd 2021
-mkdocs serve
+```sh
+make serve
```
Once you are happy, check in your changes as a branch / PR and let someone on the main team know. We'll review your changes, and merge and redeploy.
-### Redeploy to gh-pages
+### Deploy to gh-pages
-This only works if you have commit privileges on master and Git is correctly setup in your environment.
+When the `master` branch is pushed, a Github Action will take care of everything and publish the website as a Github Page.
-```bash
+Alternatively `mkdocs` can be used to publish the website. This only works if you have commit privileges on master and Git is correctly setup in your environment.
+
+```sh
cd 2021
mkdocs gh-deploy
```
diff --git a/2021/docs/assets/OWASP-logo-tm.jpg b/2021/docs/assets/OWASP-logo-tm.jpg
new file mode 100644
index 000000000..7e249f609
Binary files /dev/null and b/2021/docs/assets/OWASP-logo-tm.jpg differ
diff --git a/2021/docs/assets/OWASP-logo.svg b/2021/docs/assets/OWASP-logo.svg
new file mode 100644
index 000000000..e3aaac084
--- /dev/null
+++ b/2021/docs/assets/OWASP-logo.svg
@@ -0,0 +1,60 @@
+
+
\ No newline at end of file
diff --git a/2021/docs/en/0x01_2021-about-owasp.md b/2021/docs/en/0x01_2021-about-owasp.md
index 16d3b8a1a..810cab320 100644
--- a/2021/docs/en/0x01_2021-about-owasp.md
+++ b/2021/docs/en/0x01_2021-about-owasp.md
@@ -32,3 +32,5 @@ Come join us!

Copyright © 2003-2025 The OWASP® Foundation, Inc. This document is released under the Creative Commons Attribution Share-Alike 4.0 license. For any reuse or distribution, you must make it clear to others the license terms of this work.
+
+--8<-- "includes/abbreviations.md"
diff --git a/2021/docs/en/A00_2021-How_to_start_an_AppSec_program_with_the_OWASP_Top_10.md b/2021/docs/en/A00_2021-How_to_start_an_AppSec_program_with_the_OWASP_Top_10.md
index 52ef2b35a..3138c77ff 100644
--- a/2021/docs/en/A00_2021-How_to_start_an_AppSec_program_with_the_OWASP_Top_10.md
+++ b/2021/docs/en/A00_2021-How_to_start_an_AppSec_program_with_the_OWASP_Top_10.md
@@ -1,4 +1,4 @@
-# How to start an AppSec Program with the OWASP Top 10
+# How to start an AppSec Program with the OWASP Top 10
Previously, the OWASP Top 10 was never designed to be the basis for an
AppSec program. However, it's essential to start somewhere for many
@@ -113,3 +113,5 @@ going if we're ever going to get on top of appsec vulnerabilities.
limited impact, do something different. Just because we've done
testing like desk checks since the 1970s doesn't mean it's a good
idea. Measure, evaluate, and then build or improve.
+
+--8<-- "includes/abbreviations.md"
diff --git a/2021/docs/en/A00_2021_How_to_use_the_OWASP_Top_10_as_a_standard.md b/2021/docs/en/A00_2021_How_to_use_the_OWASP_Top_10_as_a_standard.md
index 9494e4de9..825ad7f7e 100644
--- a/2021/docs/en/A00_2021_How_to_use_the_OWASP_Top_10_as_a_standard.md
+++ b/2021/docs/en/A00_2021_How_to_use_the_OWASP_Top_10_as_a_standard.md
@@ -45,3 +45,5 @@ comprehensively detect, test, or protect against the OWASP Top 10 due to
the nature of several of the OWASP Top 10 risks, with reference to
A04:2021-Insecure Design. OWASP discourages any claims of full coverage
of the OWASP Top 10, because it’s simply untrue.
+
+--8<-- "includes/abbreviations.md"
diff --git a/2021/docs/en/A00_2021_Introduction.md b/2021/docs/en/A00_2021_Introduction.md
index a2f357abd..1f9ec54cf 100644
--- a/2021/docs/en/A00_2021_Introduction.md
+++ b/2021/docs/en/A00_2021_Introduction.md
@@ -116,3 +116,5 @@ The OWASP Top 10 2021 team gratefully acknowledge the financial support of Secur
[{ width="256" }](https://securecodewarrior.com)
[{ width="256" }](https://www.just-eat.co.uk/)
+
+--8<-- "includes/abbreviations.md"
diff --git a/2021/docs/en/A09_2021-Security_Logging_and_Monitoring_Failures.md b/2021/docs/en/A09_2021-Security_Logging_and_Monitoring_Failures.md
index 3f33b9c1e..a5ed04087 100644
--- a/2021/docs/en/A09_2021-Security_Logging_and_Monitoring_Failures.md
+++ b/2021/docs/en/A09_2021-Security_Logging_and_Monitoring_Failures.md
@@ -19,7 +19,7 @@ Insufficient Logging* to include *CWE-117 Improper Output Neutralization
for Logs*, *CWE-223 Omission of Security-relevant Information*, and
*CWE-532* *Insertion of Sensitive Information into Log File*.
-## Description
+## Description
Returning to the OWASP Top 10 2021, this category is to help detect,
escalate, and respond to active breaches. Without logging and
@@ -54,7 +54,7 @@ events visible to a user or an attacker (see [A01:2021-Broken Access Control](A0
## How to Prevent
-Developers should implement some or all the following controls,
+Developers should implement some or all the following controls,
depending on the risk of the application:
- Ensure all login, access control, and server-side input validation
diff --git a/2021/docs/en/index.md b/2021/docs/en/index.md
index aa672f8d2..76bfef6a5 100644
--- a/2021/docs/en/index.md
+++ b/2021/docs/en/index.md
@@ -115,3 +115,5 @@ The OWASP Top 10 2021 team gratefully acknowledge the financial support of Secur
[{ width="256" }](https://securecodewarrior.com)
[{ width="256" }](https://www.just-eat.co.uk/)
+
+--8<-- "includes/abbreviations.md"
diff --git a/2021/docs/scripts/extra.js b/2021/docs/scripts/extra.js
new file mode 100644
index 000000000..fd5292e06
--- /dev/null
+++ b/2021/docs/scripts/extra.js
@@ -0,0 +1,40 @@
+window.addEventListener("DOMContentLoaded", _ => {
+ const MutationObserver = window.MutationObserver || window.WebKitMutationObserver;
+ const observer = new MutationObserver((mutations, _) => {
+ const nodesForRemoval = [];
+ for (const record of mutations) {
+ for (const liNode of record.addedNodes) {
+ let removeNode = false;
+ for (const anchor of liNode.querySelectorAll("a")) {
+ const searchResultLocale = getSearchResultLocaleFromAnchor(anchor);
+ const isSearchResultFromCurrentPageLocale = searchResultLocale === document.querySelector('html[lang]').lang;
+ if (!isSearchResultFromCurrentPageLocale) {
+ removeNode = true;
+ continue;
+ }
+ }
+
+ if (removeNode) {
+ nodesForRemoval.push(liNode);
+ }
+ }
+ }
+
+ for (const node of nodesForRemoval) {
+ node.remove();
+ }
+
+ const amountDisplay = document.querySelector(".md-search-result__meta");
+ const result = document.querySelector('.md-search-result__list').childNodes.length
+ amountDisplay.textContent = amountDisplay.textContent.replace(/\d+/i, result.toString());
+ });
+
+ observer.observe(document.querySelector(".md-search-result__list"), { childList: true });
+});
+
+function getSearchResultLocaleFromAnchor(anchor) {
+ const localeSegment = anchor.href.split("/")[3];
+ // Note that we make an assumption here that the only length 2
+ // link segments will be the locale immediately after the site's base URL.
+ return (localeSegment.length === 2 || localeSegment.length === 5 || localeSegment.length === 7) ? localeSegment : 'en';
+}
\ No newline at end of file
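Review bot: The observer callback dereferences three `querySelector` results without a null check: `document.querySelector('html[lang]').lang` on line 269 throws if `<html>` has no `lang` attribute, and `.md-search-result__meta` (286) and `.md-search-result__list` (287, 291) throw when the search markup is absent, aborting the listener with a page-level error. Line 287 counts `childNodes`, which includes text nodes, so the number written into the result counter can exceed the visible entries; `children.length` counts elements only, and the `i` flag on `/\d+/i` does nothing. The `continue` on line 272 could be a `break`, since once one anchor fails the locale check the node is already marked and the remaining anchors cannot unmark it. `getSearchResultLocaleFromAnchor` takes `href.split("/")[3]` as the first path segment, which holds only when the site is served at the origin root; under a base path such as `/Top10/` every result would be classified as `en`, so that assumption is worth stating next to the existing comment on lines 296-297.

```javascript
window.addEventListener("DOMContentLoaded", _ => {
  const resultList = document.querySelector(".md-search-result__list");
  // Locale of the page being viewed; "" when <html> carries no lang attribute.
  const pageLocale = document.documentElement.lang;
  if (!resultList) {
    return; // search markup not present on this page
  }
  const MutationObserver = window.MutationObserver || window.WebKitMutationObserver;
  const observer = new MutationObserver((mutations, _) => {
    // … unchanged: collect liNode entries whose anchors fail `=== pageLocale` (with `break` in place of `continue`) …
    // … unchanged: remove collected nodes …
    const amountDisplay = document.querySelector(".md-search-result__meta");
    if (amountDisplay) {
      const result = resultList.children.length;
      amountDisplay.textContent = amountDisplay.textContent.replace(/\d+/, result.toString());
    }
  });
  observer.observe(resultList, { childList: true });
});
```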
diff --git a/2021/docs/stylesheets/extra.css b/2021/docs/stylesheets/extra.css
new file mode 100644
index 000000000..70f917509
--- /dev/null
+++ b/2021/docs/stylesheets/extra.css
@@ -0,0 +1,3 @@
+:root {
+ --md-text-font-family: Segoe UI,Frutiger,Frutiger Linotype,Dejavu Sans,Helvetica Neue,-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif;
+}
diff --git a/2021/includes/abbreviations.md b/2021/includes/abbreviations.md
new file mode 100644
index 000000000..a17093698
--- /dev/null
+++ b/2021/includes/abbreviations.md
@@ -0,0 +1,12 @@
+*[W3C]: World Wide Web Consortium
+*[CVE]: Common Vulnerabilities and Exposures
+*[CWE]: Common Weakness Enumeration
+*[XXE]: XML External Entity
+*[XSS]: Cross Site Scripting
+*[CVSS]: Common Vulnerability Scoring System
+*[CSRF]: Cross Site Request Forgery
+*[NVD]: National Vulnerability Database
+*[GDPR]: General Data Protection Regulation
+*[ASVS]: Application Security Verification Standard
+*[QA]: Quality Assurance
+*[CSP]: Content Security Policy
diff --git a/2021/mkdocs.yml b/2021/mkdocs.yml
index bacaee9ac..8f1b93c72 100644
--- a/2021/mkdocs.yml
+++ b/2021/mkdocs.yml
@@ -6,12 +6,55 @@ copyright: © Copyright 2021-2025 - OWASP Top 10 Team - This work is licensed un
docs_dir: docs
theme:
name: material
+ custom_dir: overrides
+ favicon: assets/OWASP-logo.svg
+ logo: assets/OWASP-logo.svg
+ font: false
language: en
- logo: assets/OWASP_Logo_Transp.png
features:
- navigation.sections
- - navigation.instant
+ - navigation.tracking
+ - navigation.top
- search.suggest
+ - search.highlight
+ - search.share
+ # - navigation.instant @ Unsupported by the i18n engine
+ palette:
+ - media: "(prefers-color-scheme)"
+ toggle:
+ icon: material/brightness-auto
+ name: Switch to light mode
+ - media: "(prefers-color-scheme: light)"
+ scheme: default
+ toggle:
+ icon: material/brightness-7
+ name: Switch to dark mode
+ - media: "(prefers-color-scheme: dark)"
+ scheme: slate
+ toggle:
+ icon: material/brightness-4
+ name: Switch to system preference
+
+extra_css:
+ - stylesheets/extra.css
+
+extra_javascript:
+ - scripts/extra.js
+
+markdown_extensions:
+ - abbr
+ - attr_list
+ - pymdownx.snippets
+ - admonition
+ - pymdownx.highlight
+ - pymdownx.superfences
+ - footnotes
+ - toc:
+ permalink: ⚓︎
+ - pymdownx.emoji:
+ emoji_index: !!python/name:material.extensions.emoji.twemoji
+ emoji_generator: !!python/name:material.extensions.emoji.to_svg
+
nav:
- Home: index.md
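Review bot: Lines 384-385 use `!!python/name:` tags, the form mkdocs-material documents for the emoji extension, but they make `mkdocs.yml` unreadable by any YAML safe loader: the tag asks the loader to import and return a Python object, so every other tool or script in this repository that reads the config must use mkdocs' own loader rather than `yaml.safe_load`. A comment above the `pymdownx.emoji` entry, e.g. `# !!python/name tags below: only mkdocs' loader can parse this file, not yaml.safe_load`, would save the next maintainer a confusing `ConstructorError`. The `favicon` and `logo` entries on lines 337-338 point at `assets/OWASP-logo.svg`, whose hunk as shown in this diff contains no visible content, so whether it renders cannot be verified from here.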
@@ -33,16 +76,13 @@ nav:
- A10 Server Side Request Forgery (SSRF): 'A10_2021-Server-Side_Request_Forgery_(SSRF).md'
- Next Steps: 'A11_2021-Next_Steps.md'
-markdown_extensions:
- - attr_list
-
plugins:
- search
+ - git-revision-date
- i18n:
- default_language: en
docs_structure: folder
- material_alternate: true
reconfigure_material: true
+ reconfigure_search: true
languages:
- locale: en
default: true
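Review bot: `git-revision-date` (line 397) derives each page's date from the git history of the file, and both workflows added in this commit check out with `actions/checkout@v4` at its default `fetch-depth: 1`, so in CI every page will show the date of the single fetched commit (or the plugin will complain about the shallow clone, depending on its version). Set `fetch-depth: 0` on the checkout step in `deploy.yml`, and in `test.yml` since it runs the same build, so the plugin sees real history. Dropping `default_language` and `material_alternate` (lines 399, 401) is consistent with the 1.x option set of the `mkdocs-static-i18n[material]==1.3.0` pin in requirements.txt.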
@@ -51,233 +91,242 @@ plugins:
- locale: ar
name: ar - العربية
build: true
+ nav_translations:
+ Home: الصفحة الرئيسية
+ Notice: ملاحظات
+ Introduction: المقدمة
+ How to use the OWASP Top 10 as a standard: كيف تستخدم إطار أعلى عشرة مخاطر من أواسب كنموذج معياري.
+ How to start an AppSec program with the OWASP Top 10: كيف تبدأ امن التطبيقات مع أعلى عشرة مخاطر من أواسب
+ About OWASP: عن أواسب
+ Top 10:2021 List: قائمة اعلى عشرة مخاطر لعام 2021
+ A01 Broken Access Control: A01 تخطي صلاحيات الوصول
+ A02 Cryptographic Failures: A02 فشل آلية التشفير
+ A03 Injection: A03 الحقن
+ A04 Insecure Design: A04 التصميم الغير آمن
+ A05 Security Misconfiguration: A05 الإعدادات الأمنية الخاطئة
+ A06 Vulnerable and Outdated Components: A06 الثغرات و المكونات الغير المحدثة
+ A07 Identification and Authentication Failures: A07 الهوية و فشل عملية التحقق
+ A08 Software and Data Integrity Failures: A08 فشل سلامة البيانات والبرمجيات
+ A09 Security Logging and Monitoring Failures: A09 فشل في تسجيل السجلات الأمنية والمراقبة
+ A10 Server Side Request Forgery (SSRF): A10 تزوير الطلبات من جانب الخادم SSRF
+ Next Steps: الخطوات المقبلة
- locale: de
name: de - Deutsch
build: true
+ nav_translations:
+ Home: Startseite
+ Notice: Anmerkung
+ Introduction: Einführung
+ How to use the OWASP Top 10 as a standard: Wie man die OWASP Top 10 als Standard verwendet
+ How to start an AppSec program with the OWASP Top 10: Wie man ein AppSec-Program mit den OWASP Top 10 beginnt
+ About OWASP: Über OWASP
+ Top 10:2021 List: Liste der Top 10:2021
+ A01 Broken Access Control: A01 - Mangelhafte Zugriffskontrolle
+ A02 Cryptographic Failures: A02 - Fehlerhafter Einsatz von Kryptographie
+ A03 Injection: A03 - Injection
+ A04 Insecure Design: A04 - Unsicheres Anwendungsdesign
+ A05 Security Misconfiguration: A05 - Sicherheitsrelevante Fehlkonfiguration
+ A06 Vulnerable and Outdated Components: A06 - Unsichere oder veraltete Komponenten
+ A07 Identification and Authentication Failures: A07 - Fehlerhafte Authentifizierung
+ A08 Software and Data Integrity Failures: A08 - Fehlerhafte Prüfung der Software- und Datenintegrität
+ A09 Security Logging and Monitoring Failures: A09 - Unzureichendes Logging und Sicherheitsmonitoring
+ A10 Server Side Request Forgery (SSRF): A10 - Server-Side Request Forgery (SSRF)
+ Next Steps: Nächste Schritte
- locale: es
name: es - Español
build: true
+ nav_translations:
+ Home: Inicio
+ Notice: Notas
+ Introduction: Introducción
+ How to use the OWASP Top 10 as a standard: Cómo utilizar el OWASP Top 10 como un estándar
+ How to start an AppSec program with the OWASP Top 10: Cómo iniciar un programa de AppSec con el OWASP Top 10
+ About OWASP: Acerca de OWASP
+ Top 10:2021 List: 'Top 10: Lista 2021'
+ A01 Broken Access Control: A01 Pérdida de Control de Acceso
+ A02 Cryptographic Failures: A02 Fallas Criptográficas
+ A03 Injection: A03 Inyección
+ A04 Insecure Design: A04 Diseño Inseguro
+ A05 Security Misconfiguration: A05 Configuración de Seguridad Incorrecta
+ A06 Vulnerable and Outdated Components: A06 Componentes Vulnerables y Desactualizados
+ A07 Identification and Authentication Failures: A07 Fallas de Identificación y Autenticación
+ A08 Software and Data Integrity Failures: A08 Fallas en el Software y en la Integridad de los Datos
+ A09 Security Logging and Monitoring Failures: A09 Fallas en el Registro y Monitoreo
+ A10 Server Side Request Forgery (SSRF): A10 Falsificación de Solicitud del Lado del Servidor (SSRF)
+ Next Steps: Próximos pasos
- locale: fr
name: fr - Français
build: true
+ nav_translations:
+ Home: Page d'accueil
+ Notice: Note
+ Introduction: Introduction
+ How to use the OWASP Top 10 as a standard: Comment utiliser le Top 10 OWASP comme standard
+ How to start an AppSec program with the OWASP Top 10: Comment démarrer un programme SecApp avec l'OWASP Top 10
+ About OWASP: À propos de l'OWASP
+ Top 10:2021 List: Liste top 10:2021
+ A01 Broken Access Control: A01 Contrôles d'accès défaillants
+ A02 Cryptographic Failures: A02 Défaillances cryptographiques
+ A03 Injection: A03 Injection
+ A04 Insecure Design: A04 Conception non sécurisée
+ A05 Security Misconfiguration: A05 Mauvaise configuration de sécurité
+ A06 Vulnerable and Outdated Components: A06 Composants vulnérables et obsolètes
+ A07 Identification and Authentication Failures: A07 Identification et authentification de mauvaise qualité
+ A08 Software and Data Integrity Failures: A08 Manque d'intégrité des données et du logiciel
+ A09 Security Logging and Monitoring Failures: A09 Carence des systèmes de contrôle et de journalisation
+ A10 Server Side Request Forgery (SSRF): A10 Falsification de requête côté serveur (SSRF)
+ Next Steps: Étapes suivantes
- locale: id
name: id - Indonesian
build: true
+ nav_translations:
+ Home: Beranda
+ Notice: Pemberitahuan
+ Introduction: Pengenalan
+ How to use the OWASP Top 10 as a standard: Bagaimana cara menggunakan OWASP Top 10 sebagai sebuah standarisasi
+ How to start an AppSec program with the OWASP Top 10: Bagaimana cara untuk memulai program AppSec dengan OWASP Top 10
+ About OWASP: Tentang OWASP
+ Top 10:2021 List: Daftar Top 10:2021
+ A01 Broken Access Control: A01 Kerusakan Akses Kontrol
+ A02 Cryptographic Failures: A02 Kegagalan Kriptografi
+ A03 Injection: A03 Injeksi
+ A04 Insecure Design: A04 Insecure Design
+ A05 Security Misconfiguration: A05 Kesalahan Konfigurasi Keamanan
+ A06 Vulnerable and Outdated Components: A06 Komponen yang Rentan dan Kedaluwarsa
+ A07 Identification and Authentication Failures: A07 Kegagalan Identifikasi dan Otentikasi
+ A08 Software and Data Integrity Failures: A08 Kegagalan Integritas Data dan Perangkat Lunak
+ A09 Security Logging and Monitoring Failures: A09 Kegagalan dalam Keamanan Logging dan Monitoring
+ A10 Server Side Request Forgery (SSRF): A10 Server-Side Request Forgery (SSRF)
+ Next Steps: Langkah Selanjutnya
- locale: it
name: it - Italiano
build: true
+ nav_translations:
+ Home: Home
+ Notice: Avvisi
+ Introduction: Introduzione
+ How to use the OWASP Top 10 as a standard: Come utilizzare la OWASP Top 10 come standard
+ How to start an AppSec program with the OWASP Top 10: Come avviare un programma di AppSec con la OWASP Top 10
+ About OWASP: A proposito di OWASP
+ Top 10:2021 List: Lista top 10:2021
+ A01 Broken Access Control: A01 Broken Access Control
+ A02 Cryptographic Failures: A02 Cryptographic Failures
+ A03 Injection: A03 Injection
+ A04 Insecure Design: A04 Insecure Design
+ A05 Security Misconfiguration: A05 Security Misconfiguration
+ A06 Vulnerable and Outdated Components: A06 Vulnerable and Outdated Components
+ A07 Identification and Authentication Failures: A07 Identification and Authentication Failures
+ A08 Software and Data Integrity Failures: A08 Software and Data Integrity Failures
+ A09 Security Logging and Monitoring Failures: A09 Security Logging and Monitoring Failures
+ A10 Server Side Request Forgery (SSRF): A10 Server Side Request Forgery (SSRF)
+ Next Steps: Prossimi passi
- locale: ja
name: ja - 日本語
build: true
+ nav_translations:
+ Home: ホーム
+ Notice: 注意事項
+ Introduction: 導入
+ How to use the OWASP Top 10 as a standard: OWASP Top 10 をスタンダードとして使うには
+ How to start an AppSec program with the OWASP Top 10: OWASP Top 10 を使ってアプリケーションセキュリティプログラムを始めるには
+ About OWASP: OWASPについて
+ Top 10:2021 List: Top 10:2021 一覧
+ A01 Broken Access Control: A01 アクセス制御の不備
+ A02 Cryptographic Failures: A02 暗号化の失敗
+ A03 Injection: A03 インジェクション
+ A04 Insecure Design: A04 安全が確認されない不安な設計
+ A05 Security Misconfiguration: A05 セキュリティの設定ミス
+ A06 Vulnerable and Outdated Components: A06 脆弱で古くなったコンポーネント
+ A07 Identification and Authentication Failures: A07 識別と認証の失敗
+ A08 Software and Data Integrity Failures: A08 ソフトウェアとデータの整合性の不具合
+ A09 Security Logging and Monitoring Failures: A09 セキュリティログとモニタリングの失敗
+ A10 Server Side Request Forgery (SSRF): A10 サーバーサイドリクエストフォージェリ (SSRF)
+ Next Steps: Next Steps
- locale: pt-BR
name: pt-BR - Português (Brasil)
build: true
+ nav_translations:
+ Home: Início
+ Notice: Notas
+ Introduction: Introdução
+ How to use the OWASP Top 10 as a standard: Como usar o OWASP Top 10 como padrão
+ How to start an AppSec program with the OWASP Top 10: Como iniciar um programa AppSec com o OWASP Top 10
+ About OWASP: Sobre OWASP
+ Top 10:2021 List: Lista top 10:2021
+ A01 Broken Access Control: A01 Quebra de Controle de Acesso
+ A02 Cryptographic Failures: A02 Falhas Criptográficas
+ A03 Injection: A03 Injeção
+ A04 Insecure Design: A04 Design Inseguro
+ A05 Security Misconfiguration: A05 Configuração Incorreta de Segurança
+ A06 Vulnerable and Outdated Components: A06 Componentes Vulneráveis e Desatualizados
+ A07 Identification and Authentication Failures: A07 Falhas de identificação e autenticação
+ A08 Software and Data Integrity Failures: A08 Falhas de Software e Integridade de Dados
+ A09 Security Logging and Monitoring Failures: A09 Falhas de registro e monitoramento de segurança
+ A10 Server Side Request Forgery (SSRF): A10 Falsificação de Solicitação do Lado do Servidor (SSRF)
+ Next Steps: Próximos passos
- locale: zh-Hant
name: zh-Hant - 简体中文
build: true
+ nav_translations:
+ Home: 首頁
+ Notice: 注意事项
+ Introduction: OWASP 2021 介紹
+ How to use the OWASP Top 10 as a standard: 如何正确使用 OWASP Top 10 为标准
+ How to start an AppSec program with the OWASP Top 10: 如何使用 OWASP Top 10 启动 AppSec
+ About OWASP: OWASP 相关
+ Top 10:2021 List: Top 10:2021 名单
+ A01 Broken Access Control: A01 权限控制失效
+ A02 Cryptographic Failures: A02 加密机制失效
+ A03 Injection: A03 注入式攻击
+ A04 Insecure Design: A04 不安全设计
+ A05 Security Misconfiguration: A05 安全设定缺陷
+ A06 Vulnerable and Outdated Components: A06 危险或过旧的组件
+ A07 Identification and Authentication Failures: A07 认证及体验机制失效
+ A08 Software and Data Integrity Failures: A08 软体及资料完整性失效
+ A09 Security Logging and Monitoring Failures: A09 安全记录及监控失效
+ A10 Server Side Request Forgery (SSRF): A10 服务端请求伪造
+ Next Steps: 下一步
- locale: zh-TW
name: zh-TW - 繁體中文
build: true
- nav_translations:
- ar:
- Home: الصفحة الرئيسية
- Notice: ملاحظات
- Introduction: المقدمة
- How to use the OWASP Top 10 as a standard: كيف تستخدم إطار أعلى عشرة مخاطر من أواسب كنموذج معياري.
- How to start an AppSec program with the OWASP Top 10: كيف تبدأ امن التطبيقات مع أعلى عشرة مخاطر من أواسب
- About OWASP: عن أواسب
- Top 10:2021 List: قائمة اعلى عشرة مخاطر لعام 2021
- A01 Broken Access Control: A01 تخطي صلاحيات الوصول
- A02 Cryptographic Failures: A02 فشل آلية التشفير
- A03 Injection: A03 الحقن
- A04 Insecure Design: A04 التصميم الغير آمن
- A05 Security Misconfiguration: A05 الإعدادات الأمنية الخاطئة
- A06 Vulnerable and Outdated Components: A06 الثغرات و المكونات الغير المحدثة
- A07 Identification and Authentication Failures: A07 الهوية و فشل عملية التحقق
- A08 Software and Data Integrity Failures: A08 فشل سلامة البيانات والبرمجيات
- A09 Security Logging and Monitoring Failures: A09 فشل في تسجيل السجلات الأمنية والمراقبة
- A10 Server Side Request Forgery (SSRF): A10 تزوير الطلبات من جانب الخادم SSRF
- Next Steps: الخطوات المقبلة
- de:
- Home: Startseite
- Notice: Anmerkung
- Introduction: Einführung
- How to use the OWASP Top 10 as a standard: Wie man die OWASP Top 10 als Standard verwendet
- How to start an AppSec program with the OWASP Top 10: Wie man ein AppSec-Program mit den OWASP Top 10 beginnt
- About OWASP: Über OWASP
- Top 10:2021 List: Liste der Top 10:2021
- A01 Broken Access Control: A01 - Mangelhafte Zugriffskontrolle
- A02 Cryptographic Failures: A02 - Fehlerhafter Einsatz von Kryptographie
- A03 Injection: A03 - Injection
- A04 Insecure Design: A04 - Unsicheres Anwendungsdesign
- A05 Security Misconfiguration: A05 - Sicherheitsrelevante Fehlkonfiguration
- A06 Vulnerable and Outdated Components: A06 - Unsichere oder veraltete Komponenten
- A07 Identification and Authentication Failures: A07 - Fehlerhafte Authentifizierung
- A08 Software and Data Integrity Failures: A08 - Fehlerhafte Prüfung der Software- und Datenintegrität
- A09 Security Logging and Monitoring Failures: A09 - Unzureichendes Logging und Sicherheitsmonitoring
- A10 Server Side Request Forgery (SSRF): A10 - Server-Side Request Forgery (SSRF)
- Next Steps: Nächste Schritte
- es:
- Home: Inicio
- Notice: Notas
- Introduction: Introducción
- How to use the OWASP Top 10 as a standard: Cómo utilizar el OWASP Top 10 como un estándar
- How to start an AppSec program with the OWASP Top 10: Cómo iniciar un programa de AppSec con el OWASP Top 10
- About OWASP: Acerca de OWASP
- Top 10:2021 List: 'Top 10: Lista 2021'
- A01 Broken Access Control: A01 Pérdida de Control de Acceso
- A02 Cryptographic Failures: A02 Fallas Criptográficas
- A03 Injection: A03 Inyección
- A04 Insecure Design: A04 Diseño Inseguro
- A05 Security Misconfiguration: A05 Configuración de Seguridad Incorrecta
- A06 Vulnerable and Outdated Components: A06 Componentes Vulnerables y Desactualizados
- A07 Identification and Authentication Failures: A07 Fallas de Identificación y Autenticación
- A08 Software and Data Integrity Failures: A08 Fallas en el Software y en la Integridad de los Datos
- A09 Security Logging and Monitoring Failures: A09 Fallas en el Registro y Monitoreo
- A10 Server Side Request Forgery (SSRF): A10 Falsificación de Solicitud del Lado del Servidor (SSRF)
- Next Steps: Próximos pasos
- fr:
- Home: Page d'accueil
- Notice: Note
- Introduction: Introduction
- How to use the OWASP Top 10 as a standard: Comment utiliser le Top 10 OWASP comme standard
- How to start an AppSec program with the OWASP Top 10: Comment démarrer un programme SecApp avec l'OWASP Top 10
- About OWASP: À propos de l'OWASP
- Top 10:2021 List: Liste top 10:2021
- A01 Broken Access Control: A01 Contrôles d'accès défaillants
- A02 Cryptographic Failures: A02 Défaillances cryptographiques
- A03 Injection: A03 Injection
- A04 Insecure Design: A04 Conception non sécurisée
- A05 Security Misconfiguration: A05 Mauvaise configuration de sécurité
- A06 Vulnerable and Outdated Components: A06 Composants vulnérables et obsolètes
- A07 Identification and Authentication Failures: A07 Identification et authentification de mauvaise qualité
- A08 Software and Data Integrity Failures: A08 Manque d'intégrité des données et du logiciel
- A09 Security Logging and Monitoring Failures: A09 Carence des systèmes de contrôle et de journalisation
- A10 Server Side Request Forgery (SSRF): A10 Falsification de requête côté serveur (SSRF)
- Next Steps: Étapes suivantes
- id:
- Home: Beranda
- Notice: Pemberitahuan
- Introduction: Pengenalan
- How to use the OWASP Top 10 as a standard: Bagaimana cara menggunakan OWASP Top 10 sebagai sebuah standarisasi
- How to start an AppSec program with the OWASP Top 10: Bagaimana cara untuk memulai program AppSec dengan OWASP Top 10
- About OWASP: Tentang OWASP
- Top 10:2021 List: Daftar Top 10:2021
- A01 Broken Access Control: A01 Kerusakan Akses Kontrol
- A02 Cryptographic Failures: A02 Kegagalan Kriptografi
- A03 Injection: A03 Injeksi
- A04 Insecure Design: A04 Insecure Design
- A05 Security Misconfiguration: A05 Kesalahan Konfigurasi Keamanan
- A06 Vulnerable and Outdated Components: A06 Komponen yang Rentan dan Kedaluwarsa
- A07 Identification and Authentication Failures: A07 Kegagalan Identifikasi dan Otentikasi
- A08 Software and Data Integrity Failures: A08 Kegagalan Integritas Data dan Perangkat Lunak
- A09 Security Logging and Monitoring Failures: A09 Kegagalan dalam Keamanan Logging dan Monitoring
- A10 Server Side Request Forgery (SSRF): A10 Server-Side Request Forgery (SSRF)
- Next Steps: Langkah Selanjutnya
- it:
- Home: Home
- Notice: Avvisi
- Introduction: Introduzione
- How to use the OWASP Top 10 as a standard: Come utilizzare la OWASP Top 10 come standard
- How to start an AppSec program with the OWASP Top 10: Come avviare un programma di AppSec con la OWASP Top 10
- About OWASP: A proposito di OWASP
- Top 10:2021 List: Lista top 10:2021
- A01 Broken Access Control: A01 Broken Access Control
- A02 Cryptographic Failures: A02 Cryptographic Failures
- A03 Injection: A03 Injection
- A04 Insecure Design: A04 Insecure Design
- A05 Security Misconfiguration: A05 Security Misconfiguration
- A06 Vulnerable and Outdated Components: A06 Vulnerable and Outdated Components
- A07 Identification and Authentication Failures: A07 Identification and Authentication Failures
- A08 Software and Data Integrity Failures: A08 Software and Data Integrity Failures
- A09 Security Logging and Monitoring Failures: A09 Security Logging and Monitoring Failures
- A10 Server Side Request Forgery (SSRF): A10 Server Side Request Forgery (SSRF)
- Next Steps: Prossimi passi
- ja:
- Home: ホーム
- Notice: 注意事項
- Introduction: 導入
- How to use the OWASP Top 10 as a standard: OWASP Top 10 をスタンダードとして使うには
- How to start an AppSec program with the OWASP Top 10: OWASP Top 10 を使ってアプリケーションセキュリティプログラムを始めるには
- About OWASP: OWASPについて
- Top 10:2021 List: Top 10:2021 一覧
- A01 Broken Access Control: A01 アクセス制御の不備
- A02 Cryptographic Failures: A02 暗号化の失敗
- A03 Injection: A03 インジェクション
- A04 Insecure Design: A04 安全が確認されない不安な設計
- A05 Security Misconfiguration: A05 セキュリティの設定ミス
- A06 Vulnerable and Outdated Components: A06 脆弱で古くなったコンポーネント
- A07 Identification and Authentication Failures: A07 識別と認証の失敗
- A08 Software and Data Integrity Failures: A08 ソフトウェアとデータの整合性の不具合
- A09 Security Logging and Monitoring Failures: A09 セキュリティログとモニタリングの失敗
- A10 Server Side Request Forgery (SSRF): A10 サーバーサイドリクエストフォージェリ (SSRF)
- Next Steps: Next Steps
- pt-BR:
- Home: Início
- Notice: Notas
- Introduction: Introdução
- How to use the OWASP Top 10 as a standard: Como usar o OWASP Top 10 como padrão
- How to start an AppSec program with the OWASP Top 10: Como iniciar um programa AppSec com o OWASP Top 10
- About OWASP: Sobre OWASP
- Top 10:2021 List: Lista top 10:2021
- A01 Broken Access Control: A01 Quebra de Controle de Acesso
- A02 Cryptographic Failures: A02 Falhas Criptográficas
- A03 Injection: A03 Injeção
- A04 Insecure Design: A04 Design Inseguro
- A05 Security Misconfiguration: A05 Configuração Incorreta de Segurança
- A06 Vulnerable and Outdated Components: A06 Componentes Vulneráveis e Desatualizados
- A07 Identification and Authentication Failures: A07 Falhas de identificação e autenticação
- A08 Software and Data Integrity Failures: A08 Falhas de Software e Integridade de Dados
- A09 Security Logging and Monitoring Failures: A09 Falhas de registro e monitoramento de segurança
- A10 Server Side Request Forgery (SSRF): A10 Falsificação de Solicitação do Lado do Servidor (SSRF)
- Next Steps: Próximos passos
- zh-TW:
- Home: 首頁
- Notice: 注意事項
- Introduction: OWASP 2021 介紹
- How to use the OWASP Top 10 as a standard: 如何正確使用 OWASP Top 10 為標準
- How to start an AppSec program with the OWASP Top 10: 如何使用 OWASP Top 10 啟動 AppSec
- About OWASP: OWASP 相關
- Top 10:2021 List: Top 10:2021 名單
- A01 Broken Access Control: A01 權限控制失效
- A02 Cryptographic Failures: A02 加密機制失效
- A03 Injection: A03 注入式攻擊
- A04 Insecure Design: A04 不安全設計
- A05 Security Misconfiguration: A05 安全設定缺陷
- A06 Vulnerable and Outdated Components: A06 危險或過舊的元件
- A07 Identification and Authentication Failures: A07 認證及驗證機制失效
- A08 Software and Data Integrity Failures: A08 軟體及資料完整性失效
- A09 Security Logging and Monitoring Failures: A09 資安記錄及監控失效
- A10 Server Side Request Forgery (SSRF): A10 伺服端請求偽造
- Next Steps: 下一步
- zh-Hant:
- Home: 首頁
- Notice: 注意事项
- Introduction: OWASP 2021 介紹
- How to use the OWASP Top 10 as a standard: 如何正确使用 OWASP Top 10 为标准
- How to start an AppSec program with the OWASP Top 10: 如何使用 OWASP Top 10 启动 AppSec
- About OWASP: OWASP 相关
- Top 10:2021 List: Top 10:2021 名单
- A01 Broken Access Control: A01 权限控制失效
- A02 Cryptographic Failures: A02 加密机制失效
- A03 Injection: A03 注入式攻击
- A04 Insecure Design: A04 不安全设计
- A05 Security Misconfiguration: A05 安全设定缺陷
- A06 Vulnerable and Outdated Components: A06 危险或过旧的组件
- A07 Identification and Authentication Failures: A07 认证及体验机制失效
- A08 Software and Data Integrity Failures: A08 软体及资料完整性失效
- A09 Security Logging and Monitoring Failures: A09 安全记录及监控失效
- A10 Server Side Request Forgery (SSRF): A10 服务端请求伪造
- Next Steps: 下一步
- - macros: # needs to be the last plugin to export the final osib-YAML file for all languages
+ nav_translations:
+ Home: 首頁
+ Notice: 注意事項
+ Introduction: OWASP 2021 介紹
+ How to use the OWASP Top 10 as a standard: 如何正確使用 OWASP Top 10 為標準
+ How to start an AppSec program with the OWASP Top 10: 如何使用 OWASP Top 10 啟動 AppSec
+ About OWASP: OWASP 相關
+ Top 10:2021 List: Top 10:2021 名單
+ A01 Broken Access Control: A01 權限控制失效
+ A02 Cryptographic Failures: A02 加密機制失效
+ A03 Injection: A03 注入式攻擊
+ A04 Insecure Design: A04 不安全設計
+ A05 Security Misconfiguration: A05 安全設定缺陷
+ A06 Vulnerable and Outdated Components: A06 危險或過舊的元件
+ A07 Identification and Authentication Failures: A07 認證及驗證機制失效
+ A08 Software and Data Integrity Failures: A08 軟體及資料完整性失效
+ A09 Security Logging and Monitoring Failures: A09 資安記錄及監控失效
+ A10 Server Side Request Forgery (SSRF): A10 伺服端請求偽造
+ Next Steps: 下一步
+
+ - macros: # needs to be the last plugin to export the final osib-YAML file for all languages
module_name: '../osib/osib_macro'
include_dir: '../osib/include'
- verbose: false # debug
+ verbose: false # debug
on_error_fail: true
extra:
- alternate: # see https://squidfunk.github.io/mkdocs-material/setup/changing-the-language/#site-language-selector
+ social:
+ - icon: fontawesome/brands/github
+ link: https://github.com/OWASP/Top10/
+ - icon: fontawesome/brands/twitter
+ link: https://twitter.com/owasp
+ - icon: fontawesome/brands/linkedin
+ link: https://www.linkedin.com/company/owasp/
+ - icon: fontawesome/brands/youtube
+ link: https://www.youtube.com/user/owaspglobal
+ alternate: # see https://squidfunk.github.io/mkdocs-material/setup/changing-the-language/#site-language-selector
- name: en - English
- link: ./en/
+ link: ./
lang: en
- name: ar - ﺎﻠﻋﺮﺒﻳﺓ
link: ./ar/
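Review bot: The `nav_translations` moved under `zh-Hant` (lines 587-605) are written in Simplified characters (注意事项, 权限控制失效) while the `zh-TW` block (801-819) holds the Traditional forms, yet `zh-Hant` is the BCP 47 subtag for the Traditional script; the unchanged `name: zh-Hant - 简体中文` context line shows the mismatch predates this commit, but the restructuring is the natural moment to rename the locale to `zh-Hans` or document why the code is kept. Renaming would move the docs folder and the published URLs, so a redirect or a note in README would need to accompany it. The `ja` block leaves `Next Steps: Next Steps` and the `it` block leaves A01-A10 in English, which may be deliberate but reads as unfinished next to the other locales.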
diff --git a/2021/overrides/main.html b/2021/overrides/main.html
new file mode 100644
index 000000000..94d9808cc
--- /dev/null
+++ b/2021/overrides/main.html
@@ -0,0 +1 @@
+{% extends "base.html" %}
diff --git a/2021/requirements-test.txt b/2021/requirements-test.txt
new file mode 100644
index 000000000..6a524050b
--- /dev/null
+++ b/2021/requirements-test.txt
@@ -0,0 +1 @@
+linkcheckmd==1.4.0
diff --git a/2021/requirements.txt b/2021/requirements.txt
index 42ba73c42..9544a840d 100644
--- a/2021/requirements.txt
+++ b/2021/requirements.txt
@@ -1,11 +1,11 @@
-requests
-feedgen
-wheel
-mkdocs
-mkdocs-material
-pymdown-extensions
-Pygments
-mkdocs-static-i18n[material]
-mkdocs-macros-plugin
-dacite
+requests==2.27.1
+feedgen==0.9.0
+mkdocs==1.6.1
+mkdocs-material==9.6.15
+pymdown-extensions==10.16
+Pygments==2.19.2
+mkdocs-static-i18n[material]==1.3.0
+mkdocs-macros-plugin==1.3.7
+mkdocs-git-revision-date-plugin==0.3.2
+dacite==1.9.2
git+https://github.com/OWASP/OSIB.git#subdirectory=mkdocs_macro_osib_package
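Review bot: The git dependency on the last line of the hunk is the only entry left unpinned — every PyPI package now carries `==`, but `git+https://github.com/OWASP/OSIB.git#subdirectory=mkdocs_macro_osib_package` resolves to whatever the default branch points at on each install, so the build is not reproducible and any change pushed to that repository is pulled into the site build unreviewed. Pin it to a commit, e.g. `git+https://github.com/OWASP/OSIB.git@<pinned-commit-sha>#subdirectory=mkdocs_macro_osib_package`, and bump the ref deliberately when the macro package is updated. Since the exact versions are now fixed, it would also be worth generating this file with `--hash` digests (pip-compile `--generate-hashes`) so CI installs verify what they download; the same applies to `linkcheckmd==1.4.0` in the new requirements-test.txt.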
diff --git a/Makefile b/Makefile
deleted file mode 100644
index be2d4ae66..000000000
--- a/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-.PHONY: help
-.SILENT:
-
-help:
- @grep -E '^[a-zA-Z_-]+:.*?# .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?# "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
-
-install-python-requirements: # Install Python 3 required libraries
- python3 -m pip install -r requirements.txt
-
-generate-site: # Use custom-script to generate the website
- (cd scripts && bash Generate_Site_mkDocs.sh)
-
-serve: # Start's a Python http.server on port 8000 serving the content of ./generated/site
- python3 -m http.server -d generated/site
diff --git a/markdown-link-check-config.json b/markdown-link-check-config.json
deleted file mode 100644
index fcd15d16e..000000000
--- a/markdown-link-check-config.json
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- "ignorePatterns": [
- {
- "pattern": "^bundle.zip"
- },
- {
- "pattern": "^News.xml"
- },
- {
- "pattern": "^/"
- },
- {
- "pattern": "vincent.bernat.im"
- },
- {
- "pattern": "developer.android.com"
- },
- {
- "pattern": "csrc.nist.gov"
- },
- {
- "pattern": "www.exploit-db.com"
- }
- ],
- "httpHeaders": [
- {
- "urls": ["https://", "http://"],
- "headers": {
- "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
- }
- }
- ]
-}
diff --git a/mkdocs.yml b/mkdocs.yml
deleted file mode 100644
index 7312e3688..000000000
--- a/mkdocs.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-# Project information
-site_name: OWASP Top 10
-site_url: https://owasp.org/Top10
-site_description: OWASP Top 10 2021 Draft
-# Repository
-repo_name: OWASP/Top10
-repo_url: https://github.com/OWASP/Top10
-edit_uri: ""
-
-# Copyright
-copyright: © Copyright 2021 - OWASP Top 10 team - This work is licensed under a Creative Commons Attribution 3.0 Unported License.
-
-#Config
-docs_dir: 2021/docs
-google_analytics:
- - !!python/object/apply:os.getenv ["WORKFLOW_GOOGLE_ANALYTICS_KEY", "none"]
- - auto
-use_directory_urls: false
-plugins:
- - search:
- # prebuild_index: true
- lang:
- - en
-#For read the docs
-# theme:
-# name: readthedocs
-# custom_dir: custom_theme/
-# highlightjs: true
-# sticky_navigation: false
-# markdown_extensions:
-# - pymdownx.emoji:
-# emoji_index: !!python/name:pymdownx.emoji.twemoji
-# emoji_generator: !!python/name:pymdownx.emoji.to_alt
-# - toc:
-# permalink: true
-
-#For material
-theme:
- name: material
- custom_dir: custom_theme/
- favicon: assets/WebSite_Favicon.png
- logo: "assets/OWASP_Logo_Transp.png"
-markdown_extensions:
- - pymdownx.highlight
- - pymdownx.superfences # Required by Pygments
- - pymdownx.inlinehilite
- - pymdownx.emoji:
- emoji_index: !!python/name:pymdownx.emoji.twemoji
- emoji_generator: !!python/name:pymdownx.emoji.to_svg
- - toc:
- permalink: true
diff --git a/requirements.txt b/requirements.txt
deleted file mode 100644
index 041c9865c..000000000
--- a/requirements.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-requests
-feedgen
-wheel
-mkdocs
-mkdocs-material
-pymdown-extensions
-Pygments
-mkdocs-static-i18n