Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
Which of the following web-application security risks are part of the OWASP Top 10 v2017? (Choose two.)
Two web-application security risks that are part of the OWASP Top 10 v2017 are cross-site scripting and injection flaws. Cross-site scripting (XSS) is addressed in the list as A07 and injection flaws are listed as A01. Buffer overflows, race-condition attacks, zero-day attacks, and ransomware attacks are not part of the OWASP Top 10 in 2017.
It should be B and E. The 2017 owasp top 10 list has these items: A01-Injection A02-Broken Authentication A03-Sensitive Data Exposure A04-XXE A05-Broken Access Control A06-Security Misconfiguration A07-XSS A08-Insecure Deserialization A09-Using Components with Known Vulnerabilities A10-Insufficient Logging & Monitoring Notice that buffer overflow is not in that list, but injection is (in fact, injection is number 1)
I agree. B and E make the correct answer
B and E
Like what someone posted already before, when you look up OWASP it's B & E
It's B&E
correct answer B and E
A1:2017 - Injection and A7:2017 - Cross-Site Scripting (XSS)
correct answers B,E
https://owasp.org/www-project-top-ten/2017/Top_10 B) Cross-site scripting E) Injection flaws