[Owasp-topten] Top ten 2017 RC

Joseph Mulhall josephmulhall at icloud.com
Thu May 4 16:40:44 UTC 2017

> On first glance, there is some overlap between A7 Insufficient Attack Protection and A10 Underprotected APIs which may confuse readers.  In an app sec conversation, 'protecting APIs' and 'protecting from attacks' mean similar things.

> In a number of common frameworks the distinction between prevention/protection, detection/response is made and understood throughout the industry - in short A10 deals with prevention/protection, A7 deals with detection and response.
> I would humbly suggest that A7 is renamed Insufficient Detection & Response for clarity of message.
> For both categories I welcome the architectural elements this brings into the OWASP top ten, which has been notably missing previously.


Joseph Mulhall
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-topten/attachments/20170504/96944afe/attachment.html>

More information about the Owasp-topten mailing list