OWASP Releases the Top 10 2017 Security Risks

by CIRT Team

The Open Web Application Security Project (OWASP) has officially released its Top 10 most critical web application security risks four years after its last update, in 2013.

As in previous years, injection remained the top application security risk, but there has been some shuffling in the ranking, with the appearance of three newcomers — XML External Entities (XXE), Insecure Deserialization and Insufficient Logging & Monitoring. Also as in previous years, the ranking was compiled based on user submissions and open discussions.

The Top 10 now consists of (OWASP Top 10 2017 security risks):

1. Injection
2. Broker Authentication
3. Sensitive Data Exposure
4. XML External Entities (XXE)
5. Broken Access Control
6. Security Mis-configuration
7. Cross-Site Script (XSS)
8. Insecure Deserialization
9. Using Components with Known Vulnerabilities
10. Insufficient Logging and Monitoring

Below is a list describing each flaw, along with tables comparing the OWASP 2017 Top 10 with OWASP 2013 Top 10:

For details, please visit OWASP official web site.

• https://www.owasp.org/images/b/b0/OWASP_Top_10_2017_RC2_Final.pdf
• https://www.owasp.org/index.php/Main_Page

Debashis Pal
Information Security Specialist
BGD e-Gov CIRT

CIRT Team

Recommended Posts

Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers

08 Feb 2024 - Articles, English articles, Security Advisories & Alerts

বাংলাদেশের আইটি কাঠামোয় তথ্য চুরির ম্যালওয়ারের বিস্তার সম্পর্কে সতর্কতা

18 Jan 2024 - Articles, Bangla Articles, News, Security Advisories & Alerts

সাইবার থ্রেট এলার্টঃ বাংলাদেশকে লক্ষ্য করে চলমান ফিশিং ক্যাম্পেইন

04 Jan 2024 - News, Security Advisories & Alerts