/www-project-top-10-insider-threats

OWASP Foundation Web Repository

Primary language: HTML. License: Creative Commons Attribution Share Alike 4.0 International (CC-BY-SA-4.0)

Welcome to the OWASP Top 10 Insider Threats - 2023

The OWASP Top 10 Insider Threats provides information about the top Insider Threats, Risks and Vulnerabilities.

Motivation - Why is the OWASP Top 10 Insider Threats important?

This OWASP Project aims to raise awareness and provide quality information regarding Insider Threats, Risks and Vulnerabilities. Insider Threats play an essential role in information security. After initial access, these vulnerabilities are the leading cause of the compromise of whole companies and organizations. Even though these Threats play an important role in the cyber kill chain, they are often overlooked by companies and organizations because the attack vectors originate from the inside and not the outside. Companies and organizations have to keep in mind that a line of defense facing only the outside isn't enough. If an attacker is able to get through or around this line of defense, e.g. via Phishing, and gains an initial pivot point, internal defense mechanisms are mandatory. Threat Detection and Monitoring in particular are needed to identify internal attacks and threat actors. These are the reasons why this project came to life. We want to provide useful, quality information and raise awareness about these threats in general to improve the internal security of companies and organizations worldwide.

Open Call for Data, Next Version and Contribution

To further improve the quality and significance of the OWASP Top 10 Insider Threats, we kindly invite you to join our Open Call for Data for 2024. There, you can donate data to the Project, anonymously or publicly. In the course of 2024, we will collect all the data and then process it for 2025. This way, we plan to publish the OWASP Top 10 Insider Threats - Version 2025 based on an even more extensive dataset, further improving its quality and significance. Contributors and donors will be listed as sponsors on the related project pages, if they so wish. We also plan on doing CVE and CWE research for vulnerabilities regarding insider threats. For more information and how to contribute, please follow this link.