The new version of OWASP top 10 vulnerabilities has been published

Haythem Elmir

The final version of the 2017 OWASP Top 10 was released on Monday. Several categories that have turned out to be less serious in practice were replaced by vulnerabilities that are more likely to pose a significant threat.

Injection keeps the top position it has held for many years, but the ranking below it has changed with the arrival of three new issues: Insecure Deserialization, XML External Entities (XXE) and Insufficient Logging & Monitoring.

The 2017 OWASP Top 10 vulnerabilities include the following:

- Injection
- Broken authentication
- Sensitive data exposure
- XML external entity (XXE)
- Broken access control
- Security misconfiguration
- Cross-site scripting (XSS)
- Insecure deserialization
- Using components with known vulnerabilities
- Insufficient logging and monitoring
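Insecure deserialization is new to the list, so it is worth seeing what the risk looks like in code. The example below is added here and is not from the article or from OWASP: it assumes an application that stores session-like data as a Python pickle blob, and shows a loader that refuses any stream naming a module-level global unless that global is on a (constructed) allowlist. The point is that `pickle.loads` on untrusted bytes lets the stream choose which callables are reconstructed; overriding `find_class` is where that choice is taken away from the attacker, and plain data (dicts, lists, strings, sets) still loads normally.

```python
import builtins
import collections
import io
import pickle

# Builtins the restricted loader may resolve by name. These are only needed for
# streams written with pickle protocol < 4 (newer protocols encode set and
# frozenset as dedicated opcodes). This allowlist is a constructed example.
ALLOWED_BUILTINS = {"set", "frozenset"}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted module-level names.

    pickle.Unpickler.find_class is called for every GLOBAL / STACK_GLOBAL
    opcode, i.e. whenever the stream asks for a module attribute. Refusing the
    lookup here means the stream cannot pull in arbitrary classes or functions,
    which is what makes loading an untrusted pickle dangerous in the first place.
    """

    def find_class(self, module, name):
        if module == "builtins" and name in ALLOWED_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name}: not on the allowlist"
        )


def restricted_loads(data: bytes):
    """Deserialize `data` with the allowlisting unpickler (raises on refusal)."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ("ok", value) or ("rejected", reason) instead of raising."""
    try:
        return "ok", restricted_loads(data)
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


# Constructed sample inputs. The first is plain data and loads fine. The second
# references a module-level global (collections.OrderedDict); it is harmless in
# itself, but it stands in for any stream that names a global the application
# never intended to reconstruct, and the loader rejects it for that reason.
BENIGN_PAYLOAD = pickle.dumps(
    {"user": "alice", "roles": ["reader"], "tags": {"a", "b"}}
)
GLOBAL_PAYLOAD = pickle.dumps(collections.OrderedDict([("user", "alice")]))


if __name__ == "__main__":
    print(try_load(BENIGN_PAYLOAD))   # ('ok', {...})
    print(try_load(GLOBAL_PAYLOAD))   # ('rejected', 'refusing to load global collections.OrderedDict: ...')
```

Where the data really is just nested primitives, a format with no code-loading semantics at all (JSON, for instance) removes the problem entirely; the allowlisting unpickler is the fallback for code bases that cannot drop pickle yet.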

According to OWASP:
Two key differentiators from previous OWASP Top 10 releases are the substantial community feedback and extensive data assembled from dozens of organizations, possibly the largest amount of data ever assembled in the preparation of an application security standard. This provides us with confidence that the new OWASP Top 10 addresses the most impactful application security risks currently facing organizations.
Cross-site request forgery (CSRF) has been removed from the list because most development frameworks now build in protections against it, so CSRF is seen in less than 5% of applications. Unvalidated redirects and forwards have also been removed, as they affect only around 8% of apps.
