Non-human identities (NHIs) vastly outnumber human identities in organizations, making them a significant risk vector for security breaches. OWASP's new Top 10 list highlights critical risks associated with NHIs, including improper offboarding, secret leakage, third-party vulnerabilities, insecure authentication, overprivileged access, insecure cloud configurations, long-lived secrets, lack of environment isolation, credential reuse, and human misuse of NHIs. To mitigate these risks, OWASP recommends various strategies such as standardizing offboarding processes, using modern authentication protocols, enforcing least privilege, and regularly auditing NHI activities.
Sort: