bkimminich/it-security-lecture

Update from 2017 to 2021 edition of OWASP Top 10

bkimminich opened this issue · 1 comment

⚠️ XSS and Injection will have to remain separate lectures as merging both would lead to one overlong lecture
🆕 SSRF needs separate new lecture or could be added as second topic to another shorter one
ℹ️ XXE can be split off the Deserialization lecture and merged into Security Misconfiguration instead (as both are relatively short)
ℹ️ Deserialization will be changed into Integrity Failures and extended with other examples from that new category
ℹ️ Other changes are mostly renames and reordering (which wasn't used in the order of lectures anyway)