OWASP stands for Open Web Application Security Project. It is an online community that creates freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.
You may ask yourself why there has been no update. The reason for the delay is that there has been little change in the web application Top 10.
They produce a new OWASP Top 10 every 3 years because this seems to balance the rate of change in the web application security market.
What Changed From 2013 to 2017?
– They merged “2013-A4: Insecure Direct Object References” and “2013-A7: Missing Function Level Access Control” into 2017-A4: Broken Access Control.
– They added 2017-A7: Insufficient Attack Protection.
– They also added 2017-A10: Underprotected APIs.
– They dropped 2013-A10: Unvalidated Redirects and Forwards, folding this category into general security awareness of the issue.
OWASP plans to release the final OWASP Top 10 – 2017 in July or August 2017 after a public comment period ending June 30, 2017.
The 2017 Top 10 changes reflect the progress towards modern, high-speed web development that we’ve seen appear across the industry. As the application security industry changes and evolves, it has gone through a transformation; some have even called it the “industrial revolution” of our business.
The only way to succeed in application security is to use a process that continuously analyses and evaluates new threats, evolves and establishes defences, and monitors those defences to make sure they are working.