How Beagle View of OWASP Top-10 Can Restrict the Optimal Web-App Security: The Security Ladder for Optimal Posture

Year : 2025 | Volume : 03 | Issue : 01 | Page : 19-39
By Ashish Kumawat, Kiran Gunturu, Aditya Sharad Bhosale

  1. Senior Security Consultant, Cybersecurity Professional, qSEAp Infotech Pvt. Ltd., Millenium Business Park, Mahape, Navi Mumbai, Maharashtra, India
  2. Associate Security Consultant, Cybersecurity Professional, qSEAp Infotech Pvt. Ltd., Millenium Business Park, Mahape, Navi Mumbai, Maharashtra, India
  3. Security Consultant, Cybersecurity Professional, qSEAp Infotech Pvt. Ltd., Millenium Business Park, Mahape, Navi Mumbai, Maharashtra, India

Abstract

Is the OWASP Top-10 good enough to ensure that your web application is secure? When it comes to application security, many of us in the information security community are generally preoccupied with the OWASP Top-10. Even when we deliberate with developers, the OWASP Top-10 is at the top of our agenda, and surprisingly the only item on the agenda in many discussions. The approach adopted for this paper is two-pronged: secondary data (open-source material and a literature review) and primary data (proofs of concept for vulnerabilities that are not covered by the OWASP Top-10). As part of our study, we demonstrate how the OWASP Top-10 covers a variety of vulnerabilities while other vulnerabilities remain uncovered by it. Our findings suggest that remaining focused on just one framework may not be an optimal strategy. To overcome this bias, we suggest a security ladder methodology that can suit a variety of organizations and deliver an optimal web-app security posture.

Keywords: OWASP Top-10, threat modeling, web-application security, cybersecurity, security ladder

[This article belongs to International Journal of Information Security Engineering]

How to cite this article:
Ashish Kumawat, Kiran Gunturu, Aditya Sharad Bhosale. How Beagle View of OWASP Top-10 Can Restrict the Optimal Web-App Security: The Security Ladder for Optimal Posture. International Journal of Information Security Engineering. 2025; 03(01):19-39.
How to cite this URL:
Ashish Kumawat, Kiran Gunturu, Aditya Sharad Bhosale. How Beagle View of OWASP Top-10 Can Restrict the Optimal Web-App Security: The Security Ladder for Optimal Posture. International Journal of Information Security Engineering. 2025; 03(01):19-39. Available from: https://journals.stmjournals.com/ijise/article=2025/view=201730


Review Article (Regular Issue, Subscription)
Volume 03, Issue 01
Received: 22/01/2025
Accepted: 24/01/2025
Published: 12/02/2025
Publication Time: 21 Days