This week the Open Web Application Security Project (OWASP) presented the first release candidate for the 2017 OWASP Top 10, the principal novelty is the presence of two new vulnerability categories.
The new categories introduced for OWASP Top 10 – 2017:
The 2017 OWASP Top 10 misses the “unvalidated redirects and forwards,” that was the 10th item on the current list dated back 2013.
The “insufficient attack detection and prevention” results from the merger of the current 4th and 7th items, “Insecure direct object references” and the “Missing Function Level Access Control.”
The categories have been merged into the item “Broken access control” that was dated back in 2004.
Below the description provided by OWASP for the new categories:
“Insufficient attack protection“: “The majority of applications and APIs lack the basic ability to detect, prevent, and respond to both manual and automated attacks. Attack protection goes far beyond basic input validation and involves automatically detecting, logging, responding, and even blocking exploit attempts. Application owners also need to be able to deploy patches quickly to protect against attacks.”
Security experts, developers, and users can submit comments on the 2017 OWASP Top 10 proposal via email until June 30 to OWASP-TopTen(at)lists.owasp.org, or dave.wichers(at)owasp.org (for private comments).
The final version of the 2017 OWASP Top 10 is expected to be released next summer.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.