[Owasp-topten] [Owasp-leaders] Released: OWASP Top 10 – 2017 Release Candidate

psiinon psiinon at gmail.com
Wed Apr 12 13:49:14 UTC 2017


So that's a meta category and 'Insufficient Attack Protection' isn't? :P

On Wed, Apr 12, 2017 at 2:42 PM, Dave Wichers <dave.wichers at owasp.org>
wrote:

> I saw Jeremiah's tweets last night. While I agree that this is definitely
> a problem for large orgs that don't know what they own, this is a very meta
> category and so not sure it deserves to take up an entire slot in the T10.
> Maybe we should at least mention it in the 'What's next for organizations?'.
> That wouldn't be unreasonable.
>
> Not sure.
>
> -Dave
>
>
> On Wed, Apr 12, 2017 at 3:31 AM, psiinon <psiinon at gmail.com> wrote:
>
>> As per Jeremiah's tweet
>> https://twitter.com/jeremiahg/status/851562562634137600 I think one of
>> the biggest security risks to any medium-large organization is unknown
>> sites / applications and functionality.
>> Not having a category like this in the Top 10 feels like a huge omission
>> to me.
>> Who here in an organization of any non-trivial size is not worried about
>> what they don't know has been deployed?
>>
>> Cheers,
>>
>> Simon
>>
>> On Mon, Apr 10, 2017 at 3:36 PM, Dave Wichers <dave.wichers at owasp.org>
>> wrote:
>>
>>> OWASP Leaders!
>>>
>>> The Release Candidate for the OWASP Top 10 – 2017 is now available!
>>> (Attached)
>>>
>>> *It’s also available for Download here
>>> <https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf>*
>>>
>>> Please forward to all the developers and development teams you know!!
>>> I’d love to get feedback from them too, and to start immediately raising
>>> awareness about what’s changed in this update to the OWASP Top 10. The
>>> primary change is the addition of two new categories:
>>>
>>> *2017-A7: Insufficient Attack Protection*
>>>
>>> *2017-A10: Underprotected APIs*
>>>
>>> We plan to release the final version of the OWASP Top 10 - 2017 in July
>>> or Aug. 2017 after a public comment period ending June 30, 2017.
>>>
>>> Constructive comments on this OWASP Top 10 - 2017 Release Candidate should
>>> be forwarded via email to OWASP-TopTen at lists.owasp.org. Private
>>> comments may be sent to dave.wichers at owasp.org. Anonymous comments
>>> are welcome. All non-private comments will be catalogued and published at
>>> the same time as the final public release. Comments recommending
>>> changes to the items listed in the Top 10 should include a complete
>>> suggested list of changes, along with a rationale for any changes. All
>>> comments should indicate the specific relevant page and section.
>>>
>>> Your feedback is critical to the continued success of the OWASP Top 10 Project.
>>> Thank you all for your dedication to improving the security of the world’s
>>> software for everyone.
>>>
>>> Thanks, Dave
>>>
>>> OWASP Top 10 Project Lead
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader