The Module 12 reading list covers the following famous web vulnerabilities: Injections, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). It also involves reviewing the differences between the OWASP Top Ten lists of 2013 and 2017 versions.
Paper for the above instruction
The evolution of the OWASP Top Ten security risks from 2013 to 2017 reflects changes in the web security landscape, advancements in security practices, and increased awareness of certain vulnerabilities. This analysis explores the reasons behind the rankings of CSRF and XSS and discusses why injection vulnerabilities remain predominant in web security threats.
1. Why is CSRF dropped from the Top 10 in the OWASP list between 2013 and 2017?
Cross-Site Request Forgery (CSRF) was ranked fifth in the 2010 OWASP Top 10, dropped to eighth in the 2013 list, and was removed entirely from the top ten in the 2017 version. This decline can be attributed to several factors related to the evolution of web security practices and mitigations. One of the primary reasons is the increased adoption of security measures such as anti-CSRF tokens, SameSite cookies, and improved user authentication protocols, which have significantly reduced the effectiveness of CSRF exploits. Developers became more aware of CSRF attacks and incorporated defensive mechanisms into web application frameworks, effectively reducing the vulnerabilities associated with CSRF. Moreover, modern browsers integrated features like the SameSite attribute for cookies, which restricts when a cookie is attached to cross-site requests, further diminishing the threat landscape. Consequently, even though CSRF remains a security concern, its practical exploitability has decreased considerably, leading to its removal from the OWASP Top Ten list. The shift indicates a maturation of the security ecosystem, emphasizing proactive security controls that mitigate CSRF rather than CSRF remaining a top attack vector.
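The two controls named above, a per-session anti-CSRF token and a SameSite session cookie, are shown together in the following added example. It is illustrative code written for this page, not code from OWASP or from any framework; the `SERVER_SECRET`, the `Request` stand-in and the `/transfer` handler are constructed for the demonstration, and the token uses the synchronizer-token pattern (an HMAC bound to the session id) rather than a token stored server-side.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed secret for the example; a real deployment loads it from a secret store.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Synchronizer-token pattern: the token is an HMAC bound to the session id,
    so a token taken from one session does not validate for another."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: Optional[str],
                      secret: bytes = SERVER_SECRET) -> bool:
    """Constant-time comparison of the submitted token against the expected one."""
    if not submitted:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id, secret), submitted)


def session_cookie_header(session_id: str, same_site: str = "Lax") -> str:
    """Set-Cookie value for the session cookie. SameSite tells the browser not to
    attach the cookie to cross-site requests (Strict), or to attach it only on
    top-level GET navigations (Lax); either way a cross-site POST arrives
    without the session, which is what blunts classic CSRF."""
    if same_site not in ("Strict", "Lax", "None"):
        raise ValueError("SameSite must be Strict, Lax or None")
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite={same_site}"


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed for the example)."""
    method: str
    cookies: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def handle_transfer(req: Request) -> Tuple[int, str]:
    """State-changing endpoint: a valid session cookie alone is not enough; the
    request must also carry the token that only a same-origin page could have read."""
    if req.method != "POST":
        return 405, "state changes must use POST"
    session_id = req.cookies.get("session")
    if not session_id:
        return 401, "no session"
    if not verify_csrf_token(session_id, req.form.get("csrf_token")):
        return 403, "csrf token missing or invalid"
    return 200, "transfer accepted"


if __name__ == "__main__":
    sid = secrets.token_urlsafe(16)
    print(session_cookie_header(sid))
    token = issue_csrf_token(sid)  # the server embeds this in the rendered form
    print(handle_transfer(Request("POST", {"session": sid}, {"csrf_token": token})))
    print(handle_transfer(Request("POST", {"session": sid}, {})))  # cookie present, no token
```

The handler illustrates why the token and the cookie attribute are complementary: the token check rejects a request that carries the session cookie but no token, while `SameSite` keeps the cookie off cross-site POSTs in the first place, so a browser that honours it never reaches the token check with a valid session.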
2. Why might XSS have been lowered from number 3 in 2013 to number 7 in 2017?
Cross-Site Scripting (XSS) was ranked third in the 2013 list but moved to seventh place by 2017. The de-prioritization of XSS in the OWASP Top Ten can be linked to improved defenses and awareness. Developers increasingly adopted measures such as Content Security Policy (CSP), input validation, output encoding, and security frameworks that neutralize many traditional XSS vectors. CSP, in particular, restricts which scripts the browser is allowed to execute, substantially reducing the success rate of XSS attacks. Additionally, modern development practices emphasize secure coding standards, sanitizing user input, and employing security libraries that prevent the injection of malicious scripts. As a result, the impact and frequency of successful XSS attacks have declined, causing its ranking to drop. Furthermore, other vulnerabilities gained prominence in 2017, such as insecure deserialization and insufficient logging and monitoring, which elevated their importance alongside or above XSS. The reduction in XSS's ranking signifies the security community's progress in mitigating this vulnerability through comprehensive security practices and technological safeguards.
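The following added example shows the two defenses the paragraph credits, context-aware output encoding and a nonce-based CSP header, applied to a server-rendered comment. It is example code written for this page, not part of the original paper or any library; the comment template, the `/static/app.js` script path and the policy string are constructed for the demonstration, and the policy is one reasonable CSP, not the only correct one.

```python
import html
import secrets
from typing import Dict


def encode_for_html_body(value: str) -> str:
    """Output encoding for text placed between tags: <, > and & become entities,
    so user data can never open a tag or a script block."""
    return html.escape(value, quote=False)


def encode_for_html_attribute(value: str) -> str:
    """Attribute context additionally needs quotes encoded; otherwise the value
    could close the attribute and introduce a new one (an event handler, say)."""
    return html.escape(value, quote=True)


def render_comment(author: str, body: str) -> str:
    """Server-side template: every untrusted field is encoded for the context
    it lands in (attribute for the author, element body for the text)."""
    return (
        f'<div class="comment" data-author="{encode_for_html_attribute(author)}">'
        f"<p>{encode_for_html_body(body)}</p></div>"
    )


def csp_headers(nonce: str) -> Dict[str, str]:
    """Content-Security-Policy that only executes scripts carrying this response's
    nonce. A script that reaches the page through a template bug carries no
    nonce, so the browser refuses to run it even if encoding was missed."""
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'"
        )
    }


def render_page(author: str, body: str) -> Dict[str, str]:
    """Combine both defenses: encoded output plus a fresh per-response nonce."""
    nonce = secrets.token_urlsafe(16)  # must be unguessable and unique per response
    page = (
        "<!doctype html><html><body>"
        + render_comment(author, body)
        + f'<script nonce="{nonce}" src="/static/app.js"></script>'  # constructed path
        + "</body></html>"
    )
    return {"body": page, **csp_headers(nonce)}


if __name__ == "__main__":
    out = render_page('Ann "the" O\'Neil', "<b>bold?</b> & more")
    print(out["Content-Security-Policy"])
    print(out["body"])
```

Encoding is the primary control and CSP the backstop: the nonce must be regenerated for every response, and the `'self'` source still allows any script the application itself serves, so the policy does not excuse the template from encoding.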
3. Why can't security teams eliminate injection vulnerabilities completely, ensuring that injection remains number 1 in OWASP Top 10 lists?
Injection vulnerabilities, including SQL injection, command injection, and others, continue to dominate the OWASP Top Ten because they exploit fundamental weaknesses in how applications handle untrusted input. These vulnerabilities stem from inadequate input validation and improper use of security controls, which are challenging to eliminate entirely. The persistent presence of injection flaws is partly due to legacy codebases, complex software systems, and the rapid pace of development that often prioritizes functionality over security. Additionally, many developers lack sufficient training in secure coding practices, leading to recurring injection issues. Complete eradication is further complicated because injection, by its nature, exploits the trust boundaries between software components and databases, which are often difficult to secure perfectly. Also, attackers continually invent new methods to bypass existing defenses, forcing security teams to constantly adapt. Although best practices such as parameterized queries, prepared statements, and security testing can significantly reduce injection risks, the inherent complexity and evolving attack techniques mean that injection remains a persistent top threat. Thus, injection remains number one because the overarching challenge of completely eliminating it is currently unachievable, making it an ongoing priority for security practices.
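The parameterized-query fix the paragraph recommends is shown below against the concatenation pattern that causes SQL injection. This is an added example written for this page, not code from the paper or from any cited source; the `users` table and its three rows are constructed, and the point is made with ordinary data rather than an attack string: the apostrophe in "O'Brien" is enough to show that a concatenated query hands user characters to the SQL parser, while the bound parameter keeps them as a value.

```python
import sqlite3
from typing import List, Tuple


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows. The apostrophe in O'Brien is
    legitimate data that string concatenation cannot represent safely."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_concatenated(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """The flaw the text describes: untrusted input is spliced into the SQL text,
    so the database parser reads the user's characters as query syntax."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """The fix: the SQL text is fixed at development time and the value travels
    separately as a bound parameter, so it is never re-parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def concatenated_query_fails_on(conn: sqlite3.Connection, name: str) -> bool:
    """True when the concatenated query cannot even parse the input, which is
    the observable symptom that the input is being treated as code."""
    try:
        find_user_concatenated(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


def lookup_role(conn: sqlite3.Connection, name: str) -> str:
    """Typical caller built on the safe variant; returns 'unknown' on a miss."""
    rows = find_user_parameterized(conn, name)
    return rows[0][1] if rows else "unknown"


if __name__ == "__main__":
    db = build_demo_db()
    print(find_user_parameterized(db, "O'Brien"))
    print("concatenated query breaks on O'Brien:", concatenated_query_fails_on(db, "O'Brien"))
```

A query that raises a syntax error on a customer surname is the same defect as an injectable query, seen from the benign side: in both cases the database is parsing data as SQL. Reviewing for string-built queries (f-strings, `%` formatting, `+` on SQL text) finds both at once, which is why prepared statements are the baseline and input validation only defense in depth.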