The Open Web Application Security Project (OWASP) is a global, nonprofit organization aiming to improve the security of applications and raise awareness of secure coding practices. They create new tools for both individuals and organizations, and build practical, knowledge-based documentation for the security community.
The OWASP Top 10 is a list of common and critical security vulnerabilities that could affect applications. The first version was released back in 2003, which was updated in 2013. However, as OWASP puts it, “change has accelerated over the last four years, and the OWASP Top 10 needed to change.”
This article clarifies the new web security risks as defined by OWASP, and draws a comparison between 2013 and 2017 versions by listing all the changes that have taken place.