A second release candidate for the list of Most Critical types of vulnerabilities/risks for Web Apps by version of OWASP, has been published recently on their GitHub space.
There was significant changes since the previous OWASP Top 10 2013 list: some threats are not so actual these days, but another ones arose (such as XML External Entity (XXE), Insecure Deserealization, and Insufficient Logging & Monitoring).
The RC2 has Final postfix in its name meaning the document is ready to review and investigation.
Here is summary what’s new in 2017 list. However, if you have enough time I’d recommend that you read the entire document.
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.
Everyone is free to participate in OWASP and all their materials are available under a free and open software license. You’ll find everything about OWASP here on or linked from our wiki and current information on their OWASP Blog.