The release of OWASP Top 10 2017 RC 2

The list of Top 10 vulnerabilities from OWASP (Release Candidat 2) - the most critical security risks of web applications - has been updated.

The OWASP Top-10 project is referenced by many standards, tools, and organizations, including MITER, PCI DSS, DISA, FTC, and many others. The OWASP Top 10 is a recognized methodology for assessing web application vulnerabilities worldwide. The OWASP Top 10 project reflects the most significant threats to a web application.

The standard version is updated approximately once every three years and reflects current trends in web application security. This year there was an interim release candidate, but this document is the final release.
')

OWASP Top 10 2013

The list of the most dangerous risks (vulnerabilities) of web applications from 2013:

• A1 Code Implementation
• A2 Incorrect authentication and session management
• A3 Crossite scripting
• A4 Insecure Direct Object Links
• A5 Unsafe Configuration
• A6 Leaked sensitive data
• A7 Lack of access control to the functional level
• A8 Cross-Site Request Forgery
• A9 Using components with known vulnerabilities
• A10 Unvalidated Redirects

OWASP Top 10 2017 RC 2 Final

The list of the most dangerous risks (vulnerabilities) of web applications from 2017:

• A1 Code Implementation
• A2 Incorrect authentication and session management
• A3 Sensitive Data Leak
• A4 Implementing External XML Entities (XXE)
• A5 Access Control Violation
• A6 Unsafe configuration
• A7 Crossite scripting
• A8 Unsafe deserialization
• A9 Using components with known vulnerabilities
• A10 No logging and monitoring

Links

→ OWASP project
→ PDF version of OWASP Top 10 2017 RC 2 on github