Homework 10
The Module 12 reading list covers the following famous web vulnerabilities.
· Injections
· Cross-Site Scripting
· Cross-Site Request Forgery
Review the differences between the 2013 and 2017 versions of the OWASP Top Ten.
https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_Release_Notes
Question 1
CSRF was at number 5 in the 2010 OWASP Top 10; it dropped to number 8 when the 2013 version was released, and it fell out of the Top 10 with the 2017 version. Why was CSRF dropped from the Top 10? Explain. (https://owasp.org/www-community/attacks/csrf)
Question 2
XSS was number 3 in the 2013 list. Why might it have been lowered to number 7 in 2017? (https://owasp.org/www-community/attacks/xss/)
Why can’t security teams stop injection vulnerabilities, given that injection is always number 1 in the OWASP Top 10 lists?