You may ask yourself why there has been no update. The reason for the delay is that there has been little change in the web application top 10.
They produce a new OWASP Top 10 every 3 years because this seems to balance the rate of change in the web application security market.
What Changed From 2013 to 2017?
– They merged 2013-A4: Insecure Direct Object References and 2013-A7: Missing Function Level Access Control into 2017-A4: Broken Access Control.
– They added 2017-A7: Insufficient Attack Protection.
– They also added 2017-A10: Underprotected APIs.
– They dropped 2013-A10: Unvalidated Redirects and Forwards by adding this category to the security awareness of the issue.
OWASP plans to release the final OWASP Top 10 – 2017 in July or August 2017 after a public comment period ending June 30, 2017.
The 2017 Top 10 changes show the progress towards modern, high-speed web development that we’ve seen appear across the industry. As the application security industry changes and evolves, it has gone through a transformation; some have even called it the “industrial revolution” of our business.
The only way to succeed in application security is to use a process that continuously analyses and evaluates new threats, evolves and establishes defences, and monitors those defences to make sure they are running.
I am looking for OWASP Top 10 updates. Thanks for sharing.