The year 2017 has been one of the worst years for online businesses. Cybercriminals have managed to steal the data of millions of customers. Some of the notable hacks of 2017 include three billion Yahoo accounts stolen and 200 million Equifax accounts' data stolen, which included customers' dates of birth and social security numbers. Last month, Uber announced that millions of records had been stolen from its database, and there have been many more incidents.
Web developers must not only pay attention to the latest industry security trends and predictions but also learn from hacker trends and vulnerabilities. Some of the key functionalities responsible for security risks include injection, broken authentication, and lack of auditing and logging. These risks can be avoided by following best practices and recommendations.
In a recent study and paper titled OWASP Top 10 2017, OWASP has identified the top 10 web application security risks of 2017. The report is based on data spanning vulnerabilities gathered from hundreds of organizations and over 100,000 real-world applications and APIs.
The following table lists the top 10 risks in 2017 compared with 2013.
The following table lists these risks in more detail.
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted. Learn more here.