When the Open Web Application Security Project (OWASP) comes out with an updated list of the top risks, many people talk about the collection of issues as if they were vulnerabilities to be fixed. While the OWASP Top 10 Web Application Security Risks for 2021 include classes based on vulnerabilities—such as injection (No. 3 on the list) and server-side request forgery (No. 10)—the list also includes broad classes of issues such as software and data integrity (No. 7) and process failures such as insecure design (No. 4).