Do We Really Need The OWASP NHI Top 10?

Summary: The Open Web Application Security Project (OWASP) has launched the Non-Human Identity (NHI) Top 10 to address crucial security risks associated with machine credentials and workload identities. NHIs encompass various elements such as API keys and service accounts, which have become frequent targets of cyber attacks. This guide serves as a dedicated resource for developers to understand and mitigate the unique risks posed by NHIs.

Affected: Open Web Application Security Project (OWASP), developers, cybersecurity professionals

Key points:

  • The NHI Top 10 highlights various risks, including misuse of NHIs by humans and the reuse of service accounts.
  • Common threats include improper offboarding, insecure authentication methods, and secret leakage, which pose substantial risks to organizations.
  • A standardized framework for NHI security is now essential, as NHIs are increasingly prevalent in modern applications and require dedicated attention in security programs.

Source: https://thehackernews.com/2025/01/do-we-really-need-owasp-nhi-top-10.html