Burp Suite User Forum

Create new post

OWASP Top 10 updated (2017)

Donald | Last updated: Apr 24, 2017 08:08PM UTC

OWASP TOP 10 has been revised for 2017... noteably there are 3 new vulnerabilities listed; A4 - Broken Access Control, A7 - Insufficient Attack Protection, and A10 - Underprotected APIs. When do you plan on updating your OWASP top 10 with these, and map to OWASP feature/capabilities (https://support.portswigger.net/customer/portal/articles/1969845-using-burp-to-test-for-the-owasp-top-ten) ?

PortSwigger Agent | Last updated: Apr 25, 2017 07:28AM UTC

The new revision is currently in draft and is being widely discussed. We will update the article when the final version is confirmed.

PortSwigger Agent | Last updated: Apr 25, 2017 08:02AM UTC

The changes on OWASP 2017 are primarily reorganizing existing issues. We won't be changing the scanner based on these as we already have many checks beyond OWASP Top 10. However, we will look at updating that article. It won't be a top priority but we'll get to it.

Burp User | Last updated: May 15, 2017 12:56PM UTC

How do I implement the ng-owasp-ndc to find the vulnerabilities through burp

Burp User | Last updated: Nov 28, 2018 10:11AM UTC

Any further update on this?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.