OWASP Top Ten 2017
Table of Contents
• Release Notes
• Application Security Risks
• 2017 Top 10
• A2:2017-Broken Authentication
• A3:2017-Sensitive Data Exposure
• A4:2017-XML External Entities (XXE)
• A5:2017-Broken Access Control
• A6:2017-Security Misconfiguration
• A7:2017-Cross-Site Scripting (XSS)
• A8:2017-Insecure Deserialization
• A9:2017-Using Components with Known Vulnerabilities
• A10:2017-Insufficient Logging & Monitoring
• What's Next for Developers
• What's Next for Security Testers
• What's Next for Organizations
• What's Next for Application Managers
• Note About Risks
• Details About Risk Factors
• Top 10-2017 Methodology and Data
• Top 10-2017 Acknowledgements
Project Page: OWASP Top Ten Project
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.
At OWASP, you’ll find free and open:
* Application security tools and standards.
* Complete books on application security testing, secure code development, and secure code review.
* Presentations and videos.
* Cheat sheets on many common topics.
* Standard security controls and libraries.
* Local chapters worldwide.
* Cutting edge research.
* Extensive conferences worldwide.
* Mailing lists.
Learn more at: https://owasp.org.
All OWASP tools, documents, videos, presentations, and chapters are free and open to anyone interested in improving application security.
We advocate approaching application security as a people, process, and technology problem, because the most effective approaches to application security require improvements in these areas.
OWASP is a new kind of organization. Our freedom from commercial pressures allows us to provide unbiased, practical, and cost-effective information about application security.
OWASP is not affiliated with any technology company, although we support the informed use of commercial security technology. OWASP produces many types of materials in a collaborative, transparent, and open way.
The OWASP Foundation is the non-profit entity that ensures the project’s long-term success. Almost everyone associated with OWASP is a volunteer, including the OWASP board, chapter leaders, project leaders, and project members. We support innovative security research with grants and infrastructure.
Come join us!