Difference between revisions of "Top 10-2017 Details About Risk Factors"

Latest revision as of 15:10, 7 January 2018

Top 10 Risk Factor Summary

The following table presents a summary of the 2017 Top 10 Application Security Risks, and the risk factors we have assigned to each risk. These factors were determined based on the available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organization, you must consider your own specific threat agents and business impacts. Even severe software weaknesses may not present a serious risk if there are no threat agents in a position to perform the necessary attack or the business impact is negligible for the assets involved.

Risk	Threat Agents	Attack Vectors (Exploitability)	Security Weakness (Prevalence)	Security Weakness (Detectability)	Impacts (Technical)	Impacts (Business)	Score
A1:2017-Injection	App Specific	EASY: 3	COMMON: 2	EASY: 3	SEVERE: 3	App Specific	8.0
A2:2017-Broken Authentication	App Specific	EASY: 3	COMMON: 2	AVERAGE: 2	SEVERE: 3	App Specific	7.0
A3:2017-Sensitive Data Exposure	App Specific	AVERAGE: 2	WIDESPREAD: 3	AVERAGE: 2	SEVERE: 3	App Specific	7.0
A4:2017-XML External Entities (XXE)	App Specific	AVERAGE: 2	COMMON: 2	EASY: 3	SEVERE: 3	App Specific	7.0
A5:2017-Broken Access Control	App Specific	AVERAGE: 2	COMMON: 2	AVERAGE: 2	SEVERE: 3	App Specific	6.0
A6:2017-Security Misconfiguration	App Specific	EASY: 3	WIDESPREAD: 3	EASY: 3	MODERATE: 2	App Specific	6.0
A7:2017-Cross-Site Scripting (XSS)	App Specific	EASY: 3	WIDESPREAD: 3	EASY: 3	MODERATE: 2	App Specific	6.0
A8:2017-Insecure Deserialization	App Specific	DIFFICULT: 1	COMMON: 2	AVERAGE: 2	SEVERE: 3	App Specific	5.0
A9:2017-Vulnerable Components	App Specific	AVERAGE: 2	WIDESPREAD: 3	AVERAGE: 2	MODERATE: 2	App Specific	4.7
A10:2017-Insufficient Logging&Monitoring	App Specific	AVERAGE: 2	WIDESPREAD: 3	DIFFICULT: 1	MODERATE: 2	App Specific	4.0

Additional Risks To Consider

The Top 10 covers a lot of ground, but there are many other risks you should consider and evaluate in your organization. Some of these have appeared in previous versions of the Top 10, and others have not, including new attack techniques that are being identified all the time. Other important application security risks (ordered by CWE-ID) that you should additionally consider include:

← Note About Risks

2017 Table of Contents

PDF version

Methodology and Data →

@@ Line 1: / Line 1: @@
 {{Top_10_2013:TopTemplate
-    |usenext=Nothing
+     |useprev=2017PrevLink
-    |next=
-     |useprev=2013PrevLink
      |prev={{Top_10:LanguageFile|text=noteAboutRisks|language=en}}
+    |usenext=2017NextLink
+    |next={{Top_10:LanguageFile|text=methodologyAndData|language=en}}
      |year=2017
      |language=en
 }}
+<!--- +RF Details About Risk Factors --->
-{{Top_10:SubsectionTableBeginTemplate|type=main}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=top10RiskFactorSummary|language=en}}|width=100%|year=2017|language=en}}
+{{Top_10:SubsectionTableBeginTemplate|type=main}}{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title=Top 10 Risk Factor Summary|width=100%|year=2017|language=en}}
+The following table presents a summary of the 2017 Top 10 Application Security Risks, and the risk factors we have assigned to each risk. These factors were determined based on the available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organization, <u>you must consider your own specific threat agents and business impacts</u>. Even severe software weaknesses may not present a serious risk if there are no threat agents in a position to perform the necessary attack or the business impact is negligible for the assets involved.
-The following table presents a summary of the 2017 Top 10 Application Security Risks, and the risk factors we have assigned to each risk. These factors were determined based on the available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organization, <u>you must consider your own specific threat agents and business impacts</u>. Even egregious software weaknesses may not present a serious risk if there are no threat agents in a position to perform the necessary attack or the business impact is negligible for the assets involved.
 <center>
-<table style="align:center; border-collapse: collapse; text-align:center; margin: 0px 5px 0px 5px; border: 3px solid #444444;
+<table style="align:center; border-collapse: collapse; text-align:center; margin: 0px 5px 0px 5px; border: 3px solid #444444; background-color: {{Top 10:BackgroundColor|year=2017 }}; padding=2;">
-  background-color: {{Top 10:BackgroundColor|year=2017 }};
-padding=2;">
 <tr style="background-color: {{Top 10:BorderColor|year=2017}}; height: 2em; font-size: 130%; color: #FFFFFF;  text-shadow: 2px 2px 8px #444444; ">
       <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=risk|language=en}}</th>
       <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=threatAgents|language=en}}</th>
-      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=attackVectors|language=en}}</th>
+      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=attackVectors|language=en}}<div style="font-size: 80%;">({{Top_10:LanguageFile|text=exploitability|language=en}})</div></th>
-      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=securityWeakness|language=en}}<div style="font-size: 60%;">({{Top_10:LanguageFile|text=prevalence|language=en}})</div></th>
+      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=securityWeakness|language=en}}<div style="font-size: 80%;">({{Top_10:LanguageFile|text=prevalence|language=en}})</div></th>
-      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=securityWeakness|language=en}}<div style="font-size: 60%;">({{Top_10:LanguageFile|text=detectability|language=en}})</div></th>
+      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=securityWeakness|language=en}}<div style="font-size: 80%;">({{Top_10:LanguageFile|text=detectability|language=en}})</div></th>
-      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=technicalImpacts|language=en}}</th>
+      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=impacts|language=en}}<div style="font-size: 80%;">({{Top_10:LanguageFile|text=technical|language=en}})</div></th>
-      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=businessImpacts|language=en}}</th>
+     <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=impacts|language=en}}<div style="font-size: 80%;">({{Top_10:LanguageFile|text=business|language=en}})</div></th>
+      <th style="border: 3px solid #444444;">{{Top_10:LanguageFile|text=score|language=en}}</th>
 </tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A1-{{Top_10_2010:ByTheNumbers|1|language=en|year=2017}}|A1-{{Top_10_2010:ByTheNumbers|1|language=en|year=2017}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A1-{{Top_10_2010:ByTheNumbers|1|year=2017|language=en}} | A1:2017-{{Top_10_2010:ByTheNumbers|1|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=1|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=2|detectability=3|impact=3|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>8.0</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A2-{{Top_10_2010:ByTheNumbers|2|language=en|year=2017}}|A2-{{Top_10:LanguageFile|text=authentication|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A2-{{Top_10_2010:ByTheNumbers|2|year=2017|language=en}} | A2:2017-{{Top_10_2010:ByTheNumbers|2|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=2|impact=1|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=2|detectability=2|impact=3|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>7.0</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A3-{{Top_10_2010:ByTheNumbers|3|language=en|year=2017}}|A3-{{Top_10:LanguageFile|text=xssShort|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A3-{{Top_10_2010:ByTheNumbers|3|year=2017|language=en}} | A3:2017-{{Top_10_2010:ByTheNumbers|3|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=0|detectability=2|impact=2|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=2|impact=3|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>7.0</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A4-{{Top_10_2010:ByTheNumbers|4|language=en|year=2017}}|A4-{{Top_10:LanguageFile|text=accessCtrl|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A4-{{Top_10_2010:ByTheNumbers|4|year=2017|language=en}} | A4:2017-{{Top_10_2010:ByTheNumbers|4|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=1|detectability=1|impact=2|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=3|impact=3|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>7.0</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A5-{{Top_10_2010:ByTheNumbers|5|language=en|year=2017}}|A5-{{Top_10:LanguageFile|text=misconfig|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A5-{{Top_10_2010:ByTheNumbers|5|year=2017|language=en}} | A5:2017-{{Top_10_2010:ByTheNumbers|5|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=2|impact=3|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>6.0</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A6-{{Top_10_2010:ByTheNumbers|6|language=en|year=2017}}|A6-{{Top_10:LanguageFile|text=sensData|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A6-{{Top_10_2010:ByTheNumbers|6|year=2017|language=en}} | A6:2017-{{Top_10_2010:ByTheNumbers|6|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=3|detectability=2|impact=1|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=3|detectability=3|impact=2|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>6.0</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A7-{{Top_10_2010:ByTheNumbers|7|language=en|year=2017}}|A7-{{Top_10:LanguageFile|text=attackProt|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A7-{{Top_10_2010:ByTheNumbers|7|year=2017|language=en}} | A7:2017-{{Top_10_2010:ByTheNumbers|7|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=2|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=3|detectability=3|impact=2|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>6.0</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A8-{{Top_10_2010:ByTheNumbers|8|language=en|year=2017}}|A8-{{Top_10:LanguageFile|text=csrfShort|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A8-{{Top_10_2010:ByTheNumbers|8|year=2017|language=en}} | A8:2017-{{Top_10_2010:ByTheNumbers|8|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=1|impact=2|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=3|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>5.0</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A9-{{Top_10_2010:ByTheNumbers|9|language=en|year=2017}}|A9-{{Top_10:LanguageFile|text=vulnComponents|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A9-{{Top_10_2010:ByTheNumbers|9|year=2017|language=en}} | A9:2017-{{Top_10_2010:ByTheNumbers|9|year=2017|language=en|type=short}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=2|impact=2|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=2|impact=2|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>4.7</b></td></tr>
-<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10|year=2017|language=en}}-A10-{{Top_10_2010:ByTheNumbers|10|language=en|year=2017}}|A10-{{Top_10:LanguageFile|text=ApiProt|year=2017|language=en}}]]</u></b></td>
+<tr><td style="border: 3px solid #444444;"><b><u>[[{{Top_10:LanguageFile|text=documentRootTop10New|language=en|year=2017 }}_A10-{{Top_10_2010:ByTheNumbers|10|year=2017|language=en}} | A10:2017-{{Top_10_2010:ByTheNumbers|10|year=2017|language=en}}]]</u></b></td>
 <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
-   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=3|impact=2|language=en|year=2017}}
+   {{Top_10-2017:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=1|impact=2|language=en|year=2017}}
-<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td></tr>
+<td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appSpecific|language=en}}</b></td>
+<td style="border: 3px solid #444444"><b>4.0</b></td></tr>
 </table></center> <!-- End risk table -->
+{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=whole|title=Additional Risks To Consider|year=2017|language=en}}
+The Top 10 covers a lot of ground, but there are many other risks you should consider and evaluate in your organization. Some of these have appeared in previous versions of the Top 10, and others have not, including new attack techniques that are being identified all the time. Other important application security risks (ordered by CWE-ID) that you should additionally consider include:
+* <u>[https://cwe.mitre.org/data/definitions/352.html CWE-352: Cross-Site Request Forgery (CSRF)]</u>
+* <u>[https://cwe.mitre.org/data/definitions/400.html CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion', 'AppDoS')]</u>
+* <u>[https://cwe.mitre.org/data/definitions/434.html CWE-434: Unrestricted Upload of File with Dangerous Type]</u>
+* <u>[https://cwe.mitre.org/data/definitions/451.html CWE-451: User Interface (UI) Misrepresentation of Critical Information (Clickjacking and others)]</u>
+* <u>[https://cwe.mitre.org/data/definitions/601.html CWE-601: Unvalidated Forward and Redirects]</u>
+* <u>[https://cwe.mitre.org/data/definitions/799.html CWE-799: Improper Control of Interaction Frequency (Anti-Automation)]</u>
+* <u>[https://cwe.mitre.org/data/definitions/829.html CWE-829: Inclusion of Functionality from Untrusted Control Sphere (3rd Party Content)]</u>
+* <u>[https://cwe.mitre.org/data/definitions/918.html CWE-918: Server-Side Request Forgery (SSRF)]</u>
-{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=whole|title={{Top_10:LanguageFile|text=additionalRisksToConsider|language=en}}|width=100%|year=2017|language=en}}
+{{Top_10_2013:BottomAdvancedTemplate
-The Top 10 covers a lot of ground, but there are many other risks you should consider and evaluate in your organization. Some of these have appeared in previous versions of the Top 10, and others have not, including new attack techniques that are being identified all the time.  Other important application security risks (in alphabetical order) that you should also consider include:
+    |type=box
-* <u>[[Clickjacking]]</u> (<u>[https://capec.mitre.org/data/definitions/103.html CAPEC-103]</u>)
+    |useprev=2017PrevLink
-* <u>[[Application_Denial_of_Service|Denial of Service]]</u> (<u>[http://cwe.mitre.org/data/definitions/400.html CWE-400]</u>) (Was 2004 Top 10 – <u>[[A9_2004_Application_Denial_of_Service|Entry 2004-A9]]</u>)
+    |prev={{Top_10:LanguageFile|text=noteAboutRisks|language=en}}
-* <u>[[Deserialization_of_untrusted_data|Deserialization of Untrusted Data]]</u> (<u>[http://cwe.mitre.org/data/definitions/502.html CWE-502]</u>) For defenses, see: <u>[[Deserialization_Cheat_Sheet|OWASP Deserialization Cheat Sheet]]</u>
+    |usenext=2017NextLink
-* <u>[https://www.aspectsecurity.com/uploads/downloads/2011/09/ExpressionLanguageInjection.pdf xpression Language Injection]</u> (<u>[http://cwe.mitre.org/data/definitions/917.html CWE-917]</u>)
+    |next={{Top_10:LanguageFile|text=methodologyAndData|language=en}}
-* <u>[http://projects.webappsec.org/Information-Leakage Information Leakage]</u> (<u>[https://cwe.mitre.org/data/definitions/209.html CWE-209]</u>) and <u>[[Top_10_2007-A6|Improper Error Handling]]</u> (<u>[https://cwe.mitre.org/data/definitions/388.html CWE-388]</u>) (was part of 2007 Top 10 – <u>[[Top_10_2007-A6|Entry 2007-A6]]</u>)
+    |year=2017
-* <u>[https://seclab.cs.ucsb.edu/media/uploads/papers/jsinclusions.pdf Hotlinking Third Party Content]</u> (<u>[https://cwe.mitre.org/data/definitions/829.html CWE-829]</u>)
+    |language=en
-* <u>[[Top_10_2007-A3|Malicious File Execution]]</u> (<u>[https://cwe.mitre.org/data/definitions/434.html CWE-434]</u>) (Was 2007 Top 10 – <u>[[Top_10_2007-A3|Entry 2007-A3]]</u>)
+}}
-* <u>[http://en.wikipedia.org/wiki/Mass_assignment_vulnerability Mass Assignment]</u> (<u>[http://cwe.mitre.org/data/definitions/915.html CWE-915]</u>)
-* <u>[https://cwe.mitre.org/data/definitions/918.html Server-Side Request Forgery (SSRF) (CWE-918)]</u>
-* <u>[[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards|Unvalidated Redirects and Forwards]]</u> (<u>[https://cwe.mitre.org/data/definitions/601.html CWE-601]</u>) (Was 2013 Top 10 – <u>[[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards|Entry 2013-A10]]</u>)
-* <u>[[Privacy_Violation|User Privacy]]</u> (<u>[https://cwe.mitre.org/data/definitions/359.html CWE-359]</u>) <!--- not yet part of RC1 -->For defenses, see: <u>[[OWASP_Top_10_Privacy_Risks_Project|OWASP Top 10 Privacy Risks Project]]</u><!--- END: not yet part of RC1 -->
-{{Top_10:SubsectionTableEndTemplate}}
+<!-- [[Category:OWASP Top Ten Project]] -->
-{{Top_10_2013:BottomTemplate
-   |usenext=Nothing
-   |useprev=2013PrevLink
-   |prev={{Top_10:LanguageFile|text=noteAboutRisks|language=en}}
-   |next=
-   |year=2017
-   |language=en
-}}

Difference between revisions of "Top 10-2017 Details About Risk Factors"

Latest revision as of 15:10, 7 January 2018

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools