🌐
OWASP
owasp.org › www-project-top-ten › 2017
OWASP Top Ten 2017 | Table of Contents | OWASP Foundation
Table of Contents on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
HOME
OWASP Foundation, the Open Source Foundation for Application Security on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
ABOUT
About the OWASP Foundation on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
PROJECTS
Projects on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
OWASP Top Ten Project
Japanese: OWASP Top 10-2017 - 日本語版 (PDF) translated and reviewed by Akitsugu ITO, Albert Hsieh, Chie TAZAWA, Hideko IGARASHI, Hiroshi TOKUMARU, Naoto KATSUMI, Riotaro OKADA, Robert DRACEA, Satoru TAKAHASHI, Sen UENO, Shoichi NAKATA, Takanori NAKANOWATARI ,Takanori ANDO, Tomohiro SANAE.
🌐
OWASP
owasp.org › www-project-top-ten › 2017 › Top_10
OWASP Top Ten 2017 | 2017 Top 10 | OWASP Foundation
2017 Top 10 on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Discussions

Interview question: Do you know what the OWASP top 10 are?
To be blunt, OWASP Top 10 is pretty basic stuff. If you didn't know what that was and you then made an excuse for it I wouldn't hire you either. That is not something just "programmers" should know. but should I know more for the next interview? Yes. Is that enough? Not by a long shot. More on reddit.com
🌐 r/AskNetsec
101
43
October 4, 2018
Introduction to OWASP Top 10 2021
Is it just me, or this thing is getting more and more useless? I mean, insecure design is extremely broad, as is security misconfiguration. SSRF is an impact, not a vulnerability. Yadda yadda... More generally, I think this has outlived its usefulness and we could safely do without it as an industry. Anyhow, thanks for sharing. Upvoted! More on reddit.com
🌐 r/netsec
30
217
September 9, 2021
CCSP exam question - OWASP 2017 vs 2021 and CSA Notorious 9 vs Egregious 11
I finished within the last 6 months and while I had a few questions regarding OWASP it was more related to what it was and its use versus any detailed minutiae. More on reddit.com
🌐 r/CCSP
6
4
December 26, 2022
Reddit
r/HowToHack: Welcome! This is your open hacker community designed to help you on the journey from neophyte to veteran in the world of underground… More on reddit.com
🌐 r/HowToHack
🌐
OWASP
owasp.org › www-project-top-ten
OWASP Top Ten Web Application Security Risks | OWASP Foundation
Previous versions are available at OWASP Top Ten 2021 and OWASP Top 10 2017 (PDF).
🌐
GitHub
raw.githubusercontent.com › OWASP › Top10 › master › 2017 › OWASP Top 10-2017 (en).pdf
OWASP Top 10 - 2017 - GitHub
Join the world's most widely adopted, AI-powered developer platform where millions of developers, businesses, and the largest open source community build software that advances humanity.
🌐
GitHub
github.com › OWASP › Top10 › blob › master › 2017 › OWASP-Top-10-2017-en.html
Top10/2017/OWASP-Top-10-2017-en.html at master · OWASP/Top10
<p>This major update adds several new issues, including two issues selected by the community - A8:2017-Insecure Deserialization and A10:2017-Insufficient Logging and Monitoring. Two key differentiators from previous OWASP Top 10 releases are the substantial community feedback and extensive data assembled from dozens of organizations, possibly the largest amount of data ever assembled in the preparation of an application security standard.
Author   OWASP
🌐
OWASP
owasp.org › www-project-top-ten › 2017 › A6_2017-Security_Misconfiguration
OWASP Top Ten 2017 | A6:2017-Security Misconfiguration | OWASP Foundation
A6:2017-Security Misconfiguration on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Find elsewhere
🌐
Oracle
docs.oracle.com › en › industries › health-sciences › healthcare-data-repository › 8.1.3 › secure-dev › owasp-top-10-security-vulnerabilities-2017.html
OWASP Top 10 Security Vulnerabilities 2017
July 8, 2022 - This paper discusses the practices and strategies used by the HDR application to mitigate risks posed by the security vulnerabilities documented in the OWASP Top 10 – 2017.
🌐
Medium
medium.com › digitalfrontiers › changes-in-owasp-top-10-2017-vs-2021-7cea4183288b
Changes in OWASP Top 10: 2017 vs 2021 | by Heinz-Werner Haas | Digital Frontiers — Das Blog | Medium
February 25, 2022 - But A10:2021-Server-Side Request Forgery (SSRF) shows that they are not bulletproof, and they need more configuration (A05:2021-Security Misconfiguration). If we look at the top positions, in 2017 Injection and Broken Authentication were the ...
🌐
OWASP
owasp.org › www-project-top-ten › 2017 › A5_2017-Broken_Access_Control
OWASP Top Ten 2017 | A5:2017-Broken Access Control | OWASP Foundation
A5:2017-Broken Access Control on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
🌐
Detectify
blog.detectify.com › home › best practices › owasp top 10 2017 is here – injection still #1
OWASP Top 10 2017 is here - Injection still #1 - Blog Detectify
May 29, 2023 - OWASP Top 10 2017 brings three new vulnerabilities and retires two. Despite these changes, many vulnerabilities from 2013 remain on the list, making OWASP Top 10 2017 very similar to its predecessor.
🌐
Security Innovation
blog.securityinnovation.com › owasp-top-ten-for-2017-the-hits-misses
OWASP Top Ten for 2017 – The Hits & Misses
May 30, 2017 - The OWASP Top 10 2017 release offers improvements, but also introduces new issues. Read more to get CoE lead, Andrew McKenna's thoughts and recommendations.
🌐
Holm Security
support.holmsecurity.com › knowledge › owasp-2013-vs.-owasp-2017
What is the difference between the OWASP Top 10 versions 2013 and 2017?
2017-A10 - Underprotected APIs · Testing your APIs for vulnerabilities should be similar to testing the rest of your web application. Different types of injection, authentication, access control, encryption, configuration, and other issues can exist in APIs just as in a traditional web application. Two items were removed from the OWASP Top 10 2017 ·
🌐
Medium
medium.com › @mrutunjayasenapati0 › owasp-top-10-2021-vs-2017-a-comparative-analysis-70990e5570f8
OWASP Top 10: 2021 vs. 2017 — A Comparative Analysis | by Mrutunjaya Senapati | Medium
October 2, 2024 - Some vulnerabilities from the 2017 list, such as XML External Entities (XXE) and Insecure Deserialization, were removed in 2021, suggesting a decrease in their prevalence or a shift in focus towards more pressing security concerns. The 2021 list emphasizes the importance of Security Logging and Monitoring Failures, underscoring the need for robust logging practices to detect and respond to security incidents effectively. The evolution from OWASP Top 10–2017 to OWASP Top 10–2021 reflects the changing landscape of web application security.
🌐
Tripwire
tripwire.com › home › blog › owasp top 10 most critical web application security risks of 2017
OWASP Top 10 Most Critical Web Application Security Risks of 2017
December 26, 2017 - Two old categories that made OWASP's Top 10 in 2013, Insecure Direct Object References and Missing Function Level Access Control, merged together into a single category "Broken Access Control" for its 2017 list.
🌐
Beagle Security
beaglesecurity.com › blog › owasp › owasp-top-ten-2017.html
OWASP top ten 2017
OWASP Top 10 is the standard guide for developers and online application security. It provides a consensus of the most important security threats to web applications.
🌐
OWASP
owasp.org › www-project-top-ten › 2017 › Release_Notes
OWASP Top Ten 2017 | Release Notes | OWASP Foundation
Release Notes on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
🌐
Barracuda Networks
barracuda.com › home › glossary › owasp top 10 list
What is the OWASP Top 10 List? | Barracuda Networks
January 28, 2026 - OWASP Top 10 lists are created for various categories, though the most commonly used OWASP Top 10 list is the one for Web Application Security. The current Top 10 list as of 2017 include the following website vulnerabilities: