[Owasp-topten] Comments on OWASP Top 10 RC - 2017 A7

Joseph Salowey joe at salowey.net
Tue Apr 11 19:38:34 UTC 2017


Thanks to the authors and contributors for working on the OWASP Top10.  I
find this to be a useful tool when working with application developers.

A7 - Insufficient Attack Protection seems overly general.  It seems to be a
catch-all to cover many topics such as:


   - Bad input validation
   - Poor application update/modification support
   - Insufficient logging or reporting
   - Lack of rate-limiting


The topic seems to be driven by WAF as a solution rather than by the
underlying problems.

My suggestion would be to either break this topic up into a few different
issues or rename the topic to Integrate a WAF into your application.

Cheers,

Joe