May 2024 | Threat Trends
Top 3 OWASP Top 10 Risk Categories Found in Checkmarx One Scans

Between April and May, the Checkmarx security research team analyzed the most common OWASP Top 10 risk categories identified within more than 20,000 scans of projects on the Checkmarx One platform. The analysis focused on uncovering critical risks in application code and correlating them with the OWASP Top 10 categories for Web Applications. Here are the top three web application security risk categories found in those 20,000+ scans.


A01:2021 – Broken Access Control – 43.1%
Broken Access Control weaknesses allow users to perform actions outside their intended permissions, which can lead to unauthorized access to sensitive data and functionality. This can result in unauthorized information disclosure, data modification, or destruction.

A03:2021 – Injection – 29.5%
Injection vulnerabilities can result in unauthorized access, data leakage, and remote code execution when input data is manipulated to execute unintended commands or queries.

A08:2021 – Software and Data Integrity Failures – 27.4%
Software and Data Integrity Failures can lead to unauthorized code execution, data corruption, and system compromise when an application relies on untrusted sources for updates and plugins.
