
Davey Winder

delivering award-winning technology journalism since 1991


OWASP vulnerability chart suggests web app devs are not smelling the security coffee

Posted on November 24, 2017 by Davey Winder

The top vulnerability remains ‘injection’ and cross site scripting (XSS) is still there, four years on from the last update!

The Open Web Application Security Project (OWASP) has just updated the top ten list of web app vulnerabilities for the first time since 2013. Not much has actually changed. Given that Verizon’s Data Breach Investigations Report (DBIR) for 2017 also found that of 1,935 confirmed breaches analysed, some 571 had involved web app attacks, the seriousness of the OWASP list becomes clear.

Altogether this paints a rather sad picture of an industry that hasn’t learned lessons. But is that portrait a fair representation of the web application development business? Is it really a case of developers refusing to smell the insecurity coffee, or is there something more complicated at work here?


Categories: Analysis, Threat Intelligence, Vulnerabilities
Tags: industry, Opinion, OWASP, Threats, webdev


Copyright © 2023 Davey Winder .
