OWASP Top 10 - 2017 Release Candidate

Admin | 2017.04.13 14:15 | Views 2651

The release candidate for public comment was published 10 April 2017 and can be downloaded here. OWASP plans to release the final OWASP Top 10 - 2017 in July or August 2017, after a public comment period ending June 30, 2017.

Constructive comments on this OWASP Top 10 - 2017 Release Candidate should be forwarded via email to the OWASP Top 10 Project Email List. Private comments may be sent to Dave Wichers. Anonymous comments are welcome. All non-private comments will be catalogued and published at the same time as the final public release. Comments recommending changes to the Top 10 should include a complete suggested list of changes, along with a rationale for each change. All comments should indicate the specific relevant page and section.

This release of the OWASP Top 10 marks this project’s fourteenth year of raising awareness of the importance of application security risks. This release follows the 2013 update, whose main change was the addition of 2013-A9 Use of Known Vulnerable Components. We are pleased to see that since the 2013 Top 10 release, a whole ecosystem of both free and commercial tools has emerged to help combat this problem, as the use of open source components has continued to expand rapidly across practically every programming language. The data also suggests that the use of known vulnerable components is still prevalent, but not as widespread as before. We believe the awareness of this issue generated by the Top 10 - 2013 has contributed to both of these changes.

We also noticed that since CSRF was introduced to the Top 10 in 2007, it has dropped from a widespread vulnerability to an uncommon one. Many frameworks include automatic CSRF defenses, which have significantly contributed to its decline in prevalence, along with much higher awareness among developers that they must protect against such attacks.

For 2017, the OWASP Top 10 Most Critical Web Application Security Risks (in the Release Candidate) are:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Broken Access Control (As it was in 2004)
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Insufficient Attack Protection (NEW)
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Underprotected APIs (NEW)
