OWASP Top Ten 2017

The OWASP Top 10 is a professional list of the 10 most critical web application security issues.

Each item in the top 10:

• is categorized based on its severity and likelihood of occurrence;

• provides basic techniques to protect against these high-risk categories;

• sets guidelines on how to verify the existence of issues, how to avoid them, examples of vulnerabilities, and references for further reading.

Why follow the OWASP Top 10 list

The main purpose of the OWASP Top 10 is to educate organizations, designers, and developers about the consequences of the most significant web application security vulnerabilities.

As a foundational concept, it conveys a practical philosophy of Security by Design, which means incorporating security practices from the early stages of a web project development.

The Top 10 Vulnerabilities of 2017

• A1:2017 Injection

• A2:2017 Broken Authentication

• A3:2017 Sensitive Data Exposure

• A4:2017 XML External Entities (XXE)

• A5:2017 Broken Access Control

• A6:2017 Security Misconfiguration

• A7:2017 Cross-Site Scripting (XSS)

• A8:2017 Insecure Deserialization

• A9:2017 Using Components with Known Vulnerabilities

• A10:2017 Insufficient Logging&Monitoring

At the time of writing this editorial, Tuesday, March 2, 2020, the OWASP Top 10 2017 represents the latest version and edition of the project. The release is not on an annual basis.