OWASP Top Ten 2017

Table of Contents

Table of Contents
Table of Contents
Foreword
Introduction
Release Notes
Application Security Risks
2017 Top 10
A1:2017-Injection
A2:2017-Broken Authentication
A3:2017-Sensitive Data Exposure
A4:2017-XML External Entities (XXE)
A5:2017-Broken Access Control
A6:2017-Security Misconfiguration
A7:2017-Cross-Site Scripting (XSS)
A8:2017-Insecure Deserialization
A9:2017-Using Components with Known Vulnerabilities
A10:2017-Insufficient Logging & Monitoring
What's Next for Developers
What's Next for Security Testers
What's Next for Organizations
What's Next for Application Managers
Note About Risks
Details About Risk Factors
Top 10-2017 Methodology and Data
Top 10-2017 Acknowledgements

Project Page: OWASP Top Ten Project
About OWASP
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.

At OWASP, you’ll find free and open:
* Application security tools and standards.
* Complete books on application security testing, secure code development, and secure code review.
* Presentations and videos.
* Cheat sheets on many common topics.
* Standard security controls and libraries.
* Local chapters worldwide.
* Cutting edge research.
* Extensive conferences worldwide.
* Mailing lists.

Learn more at: https://owasp.org.

All OWASP tools, documents, videos, presentations, and chapters are free and open to anyone interested in improving application security.

We advocate approaching application security as a people, process, and technology problem, because the most effective approaches to application security require improvements in these areas.

OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, and cost-effective information about application security.

OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. OWASP produces many types of materials in a collaborative, transparent, and open way.

The OWASP Foundation is the non-profit entity that ensures the project’s long-term success. Almost everyone associated with OWASP is a volunteer, including the OWASP board, chapter leaders, project leaders, and project members. We support innovative security research with grants and infrastructure.

Come join us!