OWASP Releases the Top 10 2017 Security Risks

The Open Web Application Security Project (OWASP) has officially released its Top 10 most critical web application security risks four years after its last update, in 2013.

As in previous years, injection remained the top application security risk, but there has been some shuffling in the ranking, with the appearance of three newcomers — XML External Entities (XXE), Insecure Deserialization and Insufficient Logging & Monitoring. Also as in previous years, the ranking was compiled based on user submissions and open discussions.

The OWASP Top 10 2017 security risks are:

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfiguration
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging and Monitoring

Below is a list describing each flaw, along with tables comparing the OWASP 2017 Top 10 with OWASP 2013 Top 10:

For details, please visit the official OWASP website.


Debashis Pal
Information Security Specialist