1 Executive Summary
Every three years, the Open Web Application Security Project (OWASP) Foundation publishes its "OWASP Top 10" document, which is widely read across a broad industrial and scientific spectrum. In addition, it offers controls, cheat sheets and best practices for security testing, but is primarily focused on application security. This Leadership Brief goes a bit further and looks also at other attack vectors beyond OWASP.
A large number of Data Breaches have been featured in the press over the last twelve months. Either user data or important company data was stolen. This means that the biggest threat, apart from paralyzing a system, is the theft of information.
There are various methods that an attacker can use to access critical company information. From the manipulation of employees, the attack on company interfaces to classic malware, everything is possible - and used - to harm a company.
In OWASP's Top 10 list, Data Breaches - "A3:2017-Sensitive Data Exposure" are ranked as the third largest threat for a Web application.