OWASP-TOP-10-EDI
The reference list of the top 10 web/API security risks — 2017, 2021, 2025 editions.
Definition
OWASP Top 10 2021: A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection, A04 Insecure Design, A05 Security Misconfiguration, A06 Vulnerable Components, A07 Identification/Authentication Failures, A08 Software & Data Integrity Failures, A09 Logging Failures, A10 SSRF. Highly relevant for EDI self-service portals.
Origin
Maintained by OWASP Foundation (Open Worldwide Application Security Project). First edition in 2003, updated every 3-4 years.
Example in context
Audit of a partner EDI portal revealing an IDOR (A01 Broken Access Control) allowing read of another partner INVOIC.
Related terms
- Threat modeling — related structured approach.