OWASP Top 10 2017 — What should be there?

Having made my long-term thoughts on the OWASP Top 10 process clear, I want to talk about the list as it stands at the moment and how I think it should look for 2017.


But first…

My background

So what should the Top 10 look like?

The Good: Removal of 2013 A10 — Unvalidated Redirects and Forwards

The Good, cont’d: 2017 A4 — Broken Access Control

The Bad(ish): 2017 A10 — Underprotected APIs

The Ugly: 2017 A7 — Insufficient Attack Protection

One spot left

In conclusion

Now only posting at https://joshcgrossman.com
