OWASP Top 10 Infrastructure Security Risks – 2024

Infrastructure security refers to the protection of essential systems, services, and assets that underpin the operation of critical functions in society, including utilities (water, electricity, gas), transportation systems, communication networks, and other physical and technological structures. It encompasses a wide range of practices and measures designed to safeguard these infrastructures from threats such as cyberattacks, natural disasters, terrorism, and vandalism.

OWASP came up with Top 10 to secure infrastructure foe know threats and Vulnerabilities as below

• ISR01:2024 – Outdated Software
• ISR02:2024 – Insufficient Threat Detection
• ISR03:2024 – Insecure Configurations
• ISR04:2024 – Insecure Resource and User Management
• ISR05:2024 – Insecure Use of Cryptography
• ISR06:2024 – Insecure Network Access Management
• ISR07:2024 – Insecure Authentication Methods and Default Credentials
• ISR08:2024 – Information Leakage
• ISR09:2024 – Insecure Access to Resources and Management Components
• ISR10:2024 – Insufficient Asset Management and Documentation

Reference Link

• https://owasp.org/www-project-top-10-infrastructure-security-risks/

NOTE: The information is provide is on “as is “ basis, without assurance of any kind .

Revision history

1. 18-Nov-24 –  first advisory released. — Top 10 released
   

About The Author

Gaurav Srivastava

15+ years of commended experience in performance in vulnerability assessment and Penetration testing, perform DAST, SAST and SCA scan Application security of web application, OWASP Testing Framework/Application security controls. Testing of webservices, source code analysis, vulnerability patch management .ISO 27001:2005 security audits of function and projects.

See author's posts