The OWASP Top 10 list of the most critical web application security risks has finally been updated for the first time since 2013. This list, created by the Open Web Application Security Project (an open community dedicated to enabling organizations to create secure applications), often forms the basis of application security programs and frequently informs AppSec priorities.

The release candidate was published on April 10, 2017, and OWASP plans to release the final version in July or August after a public comment period ending June 30th.

The only major updates to the list are the addition of API security and a recommendation to focus on runtime protection. Most agree that it’s significant that the top 10 list has not changed substantially since its inception. We clearly have a long way to go in terms of secure coding best practices.

However, although the update is relatively minor, controversy is swirling around it. In fact, many are raising questions about whether this list remains true to its stated intent. In episode 6 of Veracode’s AppSec in Review podcast series, Evan Schuman talks to Veracode’s VP of Research Chris Eng about this update and the controversy surrounding it.

Suzanne is a marketing writer at Veracode. In this role, she’s part of a team working to shed light on AppSec through compelling and clear content. Suzanne has been a professional editor and writer for many years, for companies including Forrester Research, Cengage Learning and EBSCO Information Services.
