OWASP Top 10 Insider Threats

Welcome to the OWASP Top 10 Insider Threats - 2023


The OWASP Top 10 Insider Threats provides information about the most important insider threats, risks and vulnerabilities.

Motivation - Why is the OWASP Top 10 Insider Threats important?

This OWASP project aims to raise awareness and provide quality information regarding insider threats, risks and vulnerabilities. Insider threats play an essential role in information security: once an attacker has gained initial access, these internal vulnerabilities are what typically allow the compromise of whole companies and organizations. Even though they play an important role in the cyber kill chain, they are often overlooked by companies and organizations, because the attack vectors originate from the inside rather than the outside. Companies and organizations have to keep in mind that a line of defense facing only outwards isn't enough. If an attacker gets through or around that line, e.g. via phishing, and gains an initial pivot point, internal defense mechanisms are mandatory; in particular, threat detection and monitoring are needed to identify internal attacks and threat actors. These are the reasons this project came to life. We want to provide useful, high-quality information and raise awareness about these threats in general, to improve the internal security of companies and organizations worldwide.

Open Call for Data, Next Version and Contribution

To further improve the quality and significance of the OWASP Top 10 Insider Threats, we kindly invite you to join our Open Call for Data for 2024. There, you can donate data, anonymously or publicly, to the project. Throughout 2024 we will collect the data and then process it for 2025. This way, we plan to publish the OWASP Top 10 Insider Threats - Version 2025 using an even more extensive dataset, further improving its quality and significance. Contributors and donors will be listed as sponsors on the related project pages if they wish. We also plan to do CVE and CWE research on vulnerabilities related to insider threats. For more information and how to contribute, see the Open Call for Data section below.


Notice

Release

Released 13th November 2023

How you can help

For Version 2025 we are making an Open Call for Data and would be happy if you contribute. For more information, see the Open Call for Data section below.

Sponsors of the Project

Release - 2023

The OWASP Top 10 Insider Threats - 2023 is sponsored by AWARE7.


Open Call for Data -> OWASP Top 10 Insider Threats - Version 2025

Motivation

To further improve the quality and significance of the OWASP Top 10 Insider Threats, we kindly invite you to join our Open Call for Data for 2024. There, you can contribute data, anonymously or publicly, to the project. Throughout 2024 we will collect the data and then process it for use in 2025. This way, we plan to publish the OWASP Top 10 Insider Threats - Version 2025 using an even more extensive dataset, further improving its quality and significance. If desired, contributors and donors will be recognized as sponsors on the relevant project pages. We also plan to conduct CVE and CWE research on vulnerabilities related to insider threats.

What Data is needed?

We are looking for data on vulnerabilities in the context of insider threats, e.g. findings from internal penetration tests or similar assessments. With the resulting dataset we can evaluate which vulnerabilities arise most often, and which are most critical, in internal IT infrastructures.

How to submit data?

To submit data, please prepare it to fit the following CSV structure and submit it as one CSV file. The CSV is then submitted via the linked Google Forms document, where you also need to fill in additional data.

Google Forms Document

Google Forms for Data Submission

CSV Structure

id, count, [CWE], [INTXX:2023], (CVSS v3 score), (CVSS v3 vector), CVSS v4 score, CVSS v4 vector, title, description and details, (risk), (rectification)
  • Fields without brackets are mandatory.
  • Fields in [] brackets aren't mandatory but are highly recommended; without them we might not be able to process and use your data.
  • Fields in () brackets are optional and don't need to be filled out, but would help us in the later stages of the analysis.
  • Free-text fields (title, description and details, risk, rectification) frequently contain commas; enclose any such field in double quotes so that every row still has exactly twelve fields.

Field Explanation

  • id: Sequential identifier of the finding.
  • count: How many times this finding was found.
  • [CWE]: If possible, the related CWE number (e.g. CWE-1104).
  • [INTXX:2023]: If possible, the related entry of the OWASP Top 10 Insider Threats - Version 2023 (INT01:2023 to INT10:2023).
  • (CVSS v3 score): The CVSS v3 score of the finding.
  • (CVSS v3 vector): The CVSS v3 vector of the finding.
  • CVSS v4 score: The CVSS v4 score of the finding.
  • CVSS v4 vector: The CVSS v4 vector of the finding.
  • title: The title of the finding.
  • description and details: Brief description and explanation of the finding.
  • (risk): Risks resulting from the finding.
  • (rectification): How to rectify the finding.

CSV Example

id, count, [CWE], [INTXX:2023], (CVSS v3 score), (CVSS v3 vector), CVSS v4 score, CVSS v4 vector, title, description and details, (risk), (rectification)

#1, 42, CWE-1104, INT01:2023, 10.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, 10.0, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H, Unsupported Windows XP client with known vulnerabilities, "A Windows XP client was found. This version of Windows is no longer supported by Microsoft. There are no more security patches, and many publicly known exploits exist, including critical ones.", "Because this version of Windows is no longer supported and receives no security patches, the number of known critical exploits without a fix grows over time. These vulnerabilities can lead to a complete compromise of the system.", It is recommended to upgrade the system to an up-to-date and supported version.

The description and risk fields of this row contain commas and are therefore enclosed in double quotes; otherwise the row would parse as more than twelve fields.
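A submitter can catch the most common mistakes before uploading: a wrong field count (unquoted commas), missing mandatory fields, malformed CWE or INTXX:2023 identifiers, a CVSS v4.0 vector with a missing or misspelled base metric, and a CVSS v3 score that does not match its vector. The validator below is an added example written for this page, not the project's own tooling; it implements the CVSS v3.1 base-score formula to cross-check v3 scores, but only range-checks v4 scores (the v4 formula needs FIRST's MacroVector lookup table, which is left out). The sample CSV inside it is constructed for the example and reuses the page's example row with the comma-containing fields quoted.

```python
"""Validator for OWASP Top 10 Insider Threats submission CSVs (added example, not project code)."""
import csv
import io
import math
import re

# Column names once the []/() annotation brackets of the structure line are stripped.
COLUMNS = ["id", "count", "CWE", "INTXX:2023", "CVSS v3 score", "CVSS v3 vector",
           "CVSS v4 score", "CVSS v4 vector", "title", "description and details",
           "risk", "rectification"]
MANDATORY = ("id", "count", "CVSS v4 score", "CVSS v4 vector", "title", "description and details")

# CVSS v3.1 base-metric weights (FIRST CVSS v3.1 specification, section 7.4).
_AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
_AC = {"L": 0.77, "H": 0.44}
_PR = {False: {"N": 0.85, "L": 0.62, "H": 0.27},   # scope unchanged
       True: {"N": 0.85, "L": 0.68, "H": 0.5}}     # scope changed
_UI = {"N": 0.85, "R": 0.62}
_CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
# CVSS v4.0 base metrics with their allowed values, in the order the vector must list them.
_V4_BASE = [("AV", "NALP"), ("AC", "LH"), ("AT", "NP"), ("PR", "NLH"), ("UI", "NPA"),
            ("VC", "HLN"), ("VI", "HLN"), ("VA", "HLN"), ("SC", "HLN"), ("SI", "HLN"), ("SA", "HLN")]


def _roundup(x):
    """CVSS v3.1 Roundup: smallest one-decimal number >= x, computed in integer arithmetic."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def cvss3_base_score(vector):
    """Base score of a CVSS:3.0/3.1 base vector; raises ValueError if the vector is malformed."""
    parts = vector.split("/")
    if parts[0] not in ("CVSS:3.0", "CVSS:3.1") or len(parts) != 9:
        raise ValueError("not a CVSS v3 base vector: %r" % vector)
    m = dict(p.split(":", 1) for p in parts[1:] if ":" in p)
    try:
        changed = {"U": False, "C": True}[m["S"]]
        iss = 1 - (1 - _CIA[m["C"]]) * (1 - _CIA[m["I"]]) * (1 - _CIA[m["A"]])
        exploitability = 8.22 * _AV[m["AV"]] * _AC[m["AC"]] * _PR[changed][m["PR"]] * _UI[m["UI"]]
    except KeyError as e:
        raise ValueError("bad or missing metric %s in %r" % (e, vector))
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    if impact <= 0:
        return 0.0
    total = impact + exploitability
    return _roundup(min(1.08 * total if changed else total, 10.0))


def cvss4_vector_ok(vector):
    """Syntax check: 'CVSS:4.0/' followed by the 11 base metrics, in order, each with a valid value."""
    parts = vector.split("/")
    if parts[0] != "CVSS:4.0" or len(parts) < 1 + len(_V4_BASE):
        return False
    for (name, allowed), part in zip(_V4_BASE, parts[1:]):
        key, _, value = part.partition(":")
        if key != name or len(value) != 1 or value not in allowed:
            return False
    return True


def validate_row(row):
    """Return the list of problems found in one submission row (an empty list means acceptable)."""
    problems = ["missing mandatory field %r" % c for c in MANDATORY if not row.get(c, "").strip()]
    if not re.fullmatch(r"[1-9]\d*", row.get("count", "").strip()):
        problems.append("count must be a positive integer")
    cwe = row.get("CWE", "").strip()
    if cwe and not re.fullmatch(r"CWE-\d+", cwe):
        problems.append("CWE must look like CWE-1104")
    intx = row.get("INTXX:2023", "").strip()
    if intx and not re.fullmatch(r"INT(0[1-9]|10):2023", intx):
        problems.append("INTXX:2023 must be one of INT01:2023 .. INT10:2023")
    for ver in ("v3", "v4"):
        score = row.get("CVSS %s score" % ver, "").strip()
        if score:
            try:
                ok = 0.0 <= float(score) <= 10.0
            except ValueError:
                ok = False
            if not ok:
                problems.append("CVSS %s score must be a number between 0.0 and 10.0" % ver)
    v3_vec, v3_score = row.get("CVSS v3 vector", "").strip(), row.get("CVSS v3 score", "").strip()
    if v3_vec:  # recompute the score from the vector and compare with what was submitted
        try:
            computed = cvss3_base_score(v3_vec)
            if v3_score and abs(computed - float(v3_score)) > 0.05:
                problems.append("CVSS v3 score %s does not match its vector (computed %.1f)" % (v3_score, computed))
        except ValueError as e:
            problems.append(str(e))
    v4_vec = row.get("CVSS v4 vector", "").strip()
    if v4_vec and not cvss4_vector_ok(v4_vec):
        problems.append("CVSS v4 vector is malformed")
    return problems


def validate_csv(text):
    """Validate a whole submission CSV; returns {row id or line: [problems]} for rows with problems."""
    reader = csv.reader(io.StringIO(text), skipinitialspace=True)
    header = [re.sub(r"^[\[(]|[\])]$", "", h.strip()) for h in next(reader)]
    if header != COLUMNS:
        raise ValueError("unexpected header: %r" % header)
    report = {}
    for lineno, record in enumerate(reader, start=2):
        if not record:
            continue  # blank line
        if len(record) != len(COLUMNS):
            report["line %d" % lineno] = ["expected %d fields, got %d: double-quote fields that contain commas"
                                          % (len(COLUMNS), len(record))]
            continue
        problems = validate_row(dict(zip(COLUMNS, record)))
        if problems:
            report[record[0].strip() or "line %d" % lineno] = problems
    return report


# Constructed sample: the page's example row (comma-containing fields quoted) plus a deliberately broken row.
SAMPLE_CSV = """id, count, [CWE], [INTXX:2023], (CVSS v3 score), (CVSS v3 vector), CVSS v4 score, CVSS v4 vector, title, description and details, (risk), (rectification)
#1, 42, CWE-1104, INT01:2023, 10.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, 10.0, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H, Unsupported Windows XP client with known vulnerabilities, "A Windows XP client was found. This version of Windows is no longer supported, so there are no security patches and many public exploits exist, including critical ones.", "Known, unpatched exploits accumulate over time and can lead to full compromise of the system.", Upgrade the system to a supported version.
#2, 3, CWE-1104, INT01:2023, 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, 11, CVSS:4.0/AV:N/AC:L/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H, Bad row, "Constructed row with a wrong v3 score, an out-of-range v4 score and a v4 vector missing AT.", ,
"""

if __name__ == "__main__":
    for key, problems in validate_csv(SAMPLE_CSV).items():
        print(key, "->", "; ".join(problems))
```

Running the block reports nothing for row #1 and three problems for the constructed row #2 (v3 score 9.8 versus a computed 10.0, a v4 score above 10, and a v4 vector without the AT metric). Point `validate_csv` at the contents of your own file before uploading; a "expected 12 fields" entry almost always means an unquoted comma in a free-text field.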

Metadata

When you fill out the Google Forms document, you will also be asked to enter additional information about yourself and your data.

Further explanation is given in the Google Forms document.

Contact

If you have any questions regarding this process, feel free to write us an e-mail:

Nick Lorenz and Tim Barsch