The final version of the 2017 OWASP Top 10 was released on Monday, and some vulnerability types that are not serious have been replaced with ones more likely to pose a significant threat.
For many years, injection has remained the top web application security vulnerability, but the ranking has changed somewhat with the arrival of three new issues: Insecure Deserialization, XML External Entities (XXE) and Insufficient Logging & Monitoring.
The 2017 OWASP Top 10 vulnerabilities include the following:
- Sensitive data exposure
- XML external entity (XXE)
- Broken access control
- Cross-site scripting (XSS)
- Using components with known vulnerabilities
- Insufficient logging and monitoring
According to OWASP:
Two key differentiators from previous OWASP Top 10 releases are the substantial community feedback and extensive data assembled from dozens of organizations, possibly the largest amount of data ever assembled in the preparation of an application security standard. This provides us with confidence that the new OWASP Top 10 addresses the most impactful application security risks currently facing organizations.