OWASP Releases the Top 10 2017 Security Risks
The Open Web Application Security Project (OWASP) has officially released its Top 10 most critical web application security risks four years after its last update, in 2013.
As in previous years, injection remained the top application security risk, but there has been some shuffling in the ranking, with the appearance of three newcomers — XML External Entities (XXE), Insecure Deserialization and Insufficient Logging & Monitoring. Also as in previous years, the ranking was compiled based on user submissions and open discussions.
The Top 10 now consists of (OWASP Top 10 2017 security risks):
- Broker Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Mis-configuration
- Cross-Site Script (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring
Below is a list describing each flaw, along with tables comparing the OWASP 2017 Top 10 with OWASP 2013 Top 10:
For details, please visit OWASP official web site.