OWASP Top 10 - 2017 Release Candidate

Admin | 2017.04.13 14:15 | Views 1753

The release candidate for public comment was published 10 April 2017 and can be downloaded here. OWASP plans to release the final OWASP Top 10 - 2017 in July or August 2017, after a public comment period ending June 30, 2017.

Constructive comments on this OWASP Top 10 - 2017 Release Candidate should be forwarded via email to the OWASP Top 10 Project Email List. Private comments may be sent to Dave Wichers. Anonymous comments are welcome. All non-private comments will be catalogued and published at the same time as the final public release. Comments recommending changes to the Top 10 should include a complete suggested list of changes, along with a rationale for each change. All comments should indicate the specific relevant page and section.

This release of the OWASP Top 10 marks this project's fourteenth year of raising awareness of the importance of application security risks. This release follows the 2013 update, whose main change was the addition of 2013-A9 Use of Known Vulnerable Components. We are pleased to see that since the 2013 Top 10 release, a whole ecosystem of both free and commercial tools has emerged to help combat this problem, as the use of open source components has continued to rapidly expand across practically every programming language. The data also suggests the use of known vulnerable components is still prevalent, but not as widespread as before. We believe the awareness of this issue that the Top 10 - 2013 generated has contributed to both of these changes.

We also noticed that since CSRF was introduced to the Top 10 in 2007, it has dropped from a widespread vulnerability to an uncommon one. Many frameworks include automatic CSRF defenses, which have significantly contributed to its decline in prevalence, along with much higher awareness among developers that they must protect against such attacks.

For 2017, the OWASP Top 10 Most Critical Web Application Security Risks (in the Release Candidate) are:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Broken Access Control (As it was in 2004)
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Insufficient Attack Protection (NEW)
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Underprotected APIs (NEW)
