OWASP typically updates their Top Ten Web Application Security Risks about every two years, so many of us have been excited and anxious waiting for the new release (the last formal version was published in 2017). Of course, with the way things have been in 2020, a delay is certainly understandable, but it’s nice that the new edition is finally out.

Go check it out here: https://owasp.org/Top10/

For those of you studying for INFOSEC exams where questions specifically about the Top Ten might come up (for instance, the CCSK or CCSP), I don’t know if the test material has been updated to reflect the new OWASP list, or when that might happen. I imagine there will be some lag before the tests can be modified to include the 2021 content. My advice: if you plan to take the exam before January, 2022, study the OWASP 2017; anything later, use the 2021 OWASP version.