OWASP Reference Codes

Hi guys,

My daughter is participating in a Cyber Security Competition and one of the challenges is about the OWASP reference codes for the top 10 vulnerabilities found in Websites in 2017. The challenge is pasted below:

White-hat researchers use the resources of OWASP to learn about security vulnerabilities in websites. OWASP (Open Web Application Security Project) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. Anyone can read the information on the OWASP websites to improve their understanding of Cyber Security, particularly how it affects websites.

Your challenge is to find Top 10 vulnerabilities found in websites, according to OWASP, in the year 2017. Once you find that list, drill down further and find the reference codes for the following three vulnerabilities:


Insecure Deserialisation

Sensitive Data Exposure

Each reference code will be in the format , for example ‘X71’ or ‘T5’ would be valid codes.

Concatenate your answers together in the order above, for example ‘X71T5C8’ might be your answer.

We could find no mention of said reference codes after searching online - any ideas on what these codes are?

Thanks very much, in advance!


My daughter also is the the completion. Her team are also struggling on that question.

Hey there,

Check this website: OWASP Top 10 2017

XSS - A7:2017-Cross-Site Scripting
Insecure Deserialisation - A8:2017-Insecure Deserialization
Sensitive Data Exposure - A3:2017-Sensitive Data Exposure

Hint: The reference codes are two characters, beginning with A.

Concatenate them and you will find your answer!


Thanks - the answer was indeed A7A8A3 (no spaces or any other punctuation).