A7 - Insufficient Attack Protection


The majority of applications and APIs lack the basic ability to detect, prevent, and respond to both manual and automated attacks. Attack protection goes far beyond basic input validation and involves automatically detecting, logging, responding, and even blocking exploit attempts. Application owners also need to be able to deploy patches quickly to protect against attacks.


The new Owasp Top 2017 introduces this new category; this Working Session presents an opportunity to challenge or support it.


  • Review data behind this new category
  • Review current description and text
  • What are the pros and cons of this category
  • Is this category important enough to be added to the new Top 10?


  • Security Professionals
  • AppSec teams
  • Tool vendors


Back to list of all Working Sessions and Tracks

Edit this page here