OWASP Top Ten 2017 - OWASP Foundation

On the OWASP Project page, we list the data elements and structure we are looking for and how to submit them. We work with organizations as needed to help figure out the structure and mapping to CWEs. In 2017, we selected categories by incidence rate to determine likelihood, then ranked them by team discussion based on decades of experience for Exploitability, Detectability (also likelihood), and Technical Impact.

OWASP Top 10 2017 Update Lessons

If at all possible, please provide the additional metadata, because that will greatly help us gain more insights into the current state of testing and vulnerabilities. We get data from organizations that are testing vendors by trade, bug bounty vendors, and organizations that contribute internal testing data. Once we have the data, we load it together and run a fundamental analysis of what CWEs map to risk categories.

Process

We would also like to explore additional insights that could be gleaned from the contributed dataset, to see what else can be learned that could be of use to the security and development communities. We will explore XML External Entities (XXE), Cross-Site Scripting (XSS) and Insecure Deserialization. At a bare minimum, we need the time period, the total number of applications tested in the dataset, and the list of CWEs with counts of how many applications contained each CWE.