The Open Web Application Security Project (OWASP) authors have published a new version of the global vulnerability rating. The last time this rating was updated in 2013.
OWASP TOP-10 is the informative document which widely used by various organizations, vulnerability bounty programs and cybersecurity experts to classify the level of vulnerabilities. In recent years, the rating has been updated a few times – in 2004, 2007, 2010, 2013 and 2017.
The top-rated vulnerabilities allow remote code injection, however there are a few changes in the new version of OWASP rating, as well as 3 new types of vulnerabilities – XXE (External Entity Expansion), Insecure Deserialization and Insufficient Logging & Monitoring.
The rating is compiled on the basis of user reports and open discussions.
You can find more detailed information about the top vulnerabilities on Owasp.org website.
Open Web Application Security Project (OWASP) – open project designed to ensure web applications security. The OWASP community includes corporations, educational organizations and individuals from around the world. The community is constantly working on creation of articles, manuals, documentation, tools and technologies that available for free use.