L’OWASP, Open Web Application Security Project, se prépare à publier une nouvelle version de son fameux top 10. Celle-ci devrait être diffusée en juillet ou août 2017 après une consultation publique se terminant le 30 juin 2017.
L'essentiel Cybersécurité, IA & Tech
Rejoignez la communauté. 3 fois par semaine, recevez l'analyse des tendances par Marc Barbezat. Pas de spam, juste de l'info.
https://dcod.ch/wp-content/uploads/2017/04/OWASP-Top-10-2017-RC1-English.pdf
Cette nouvelle version intègre en particulier 2 nouvelles catégories qui se décrivent de la manière suivante:
“Insufficient attack protection“: “The majority of applications and APIs lack the basic ability to detect, prevent, and respond to both manual and automated attacks. Attack protection goes far beyond basic input validation and involves automatically detecting, logging, responding, and even blocking exploit attempts. Application owners also need to be able to deploy patches quickly to protect against attacks.”
“Unprotected APIs”: “Modern applications often involve rich client applications and APIs, such as JavaScript in the browser and mobile apps, that connect to an API of some kind (SOAP/XML, REST/JSON, RPC, GWT, etc.). These APIs are often unprotected and contain numerous vulnerabilities.”
Pour en savoir plus, la page du Top 10 OWASP:
OWASP Top Ten
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture focused on producing secure code.
Et également à lire ici:
2017 OWASP Top 10 is out, you can submit your comment until June
The Open Web Application Security Project (OWASP) presented the first release candidate for the 2017 OWASP Top 10, it includes 2 new categories.
Zéro paywall. Zéro pub.
DCOD reste en accès libre grâce à vos contributions. Chaque café compte.
