Source URL: https://owasp.org/www-project-non-human-identities-top-10/2025/
Source: Hacker News
Title: OWASP Non-Human Identities Top 10
Summary: The OWASP Non-Human Identity (NHI) Top 10 – 2025 project outlines significant risks associated with non-human identities, which are increasingly prevalent in development environments. It emphasizes the need for developers to understand these risks to enhance security and compliance in applications that utilize NHIs.
Detailed Description: The OWASP NHI Top 10 – 2025 is a crucial initiative aimed at identifying and ranking risks related to non-human identities (NHIs), such as bots, services, or application accounts that operate without human intervention. This is particularly relevant in modern development pipelines where NHIs are integral to automation and efficiency.
– **Project Overview**:
  – The project focuses on the top risks NHIs pose to application security.
  – It employs the OWASP Risk Rating Methodology for compiling and ranking these risks.
– **Importance of the Project**:
  – As NHIs become commonplace, there is a growing need for robust security measures to address vulnerabilities they may introduce.
  – The risks associated with NHIs can lead to data breaches and compromised systems if not properly managed.
– **Data Sources**:
  – The list of risks is based on a comprehensive analysis drawn from:
    – Real-world breach data.
    – Surveys targeting security professionals.
    – Common Vulnerabilities and Exposures (CVE) databases.
– **Key Components**:
  – The project provides not just the list of risks but also methodologies for understanding and addressing these challenges.
  – Contributors from various backgrounds are encouraged to engage with the project, highlighting its collaborative nature and the importance of community input in enhancing security practices.
In conclusion, the OWASP NHI Top 10 – 2025 project is a significant resource for security and compliance professionals in the context of application development, especially in understanding and mitigating risks associated with non-human identities. This awareness can lead to improved security frameworks and practices in both cloud and on-premise environments.