OWASP / Serverless-Top-10-Project

OWASP Serverless Top 10
https://owasp.org/www-project-serverless-top-10/

A new version #21

Open cesarkohl opened 1 year ago

cesarkohl commented 1 year ago

Hey @MarcinHoppe and team,

I'm Cesar, nice to meet you! I really like the Serverless Top 10 Project. I've been thinking about creating a PR with a new version corresponding to the OWASP 2021, but I'd like to know what your reaction would be beforehand.

Following OWASP Top 10 changes from 2017 to 2021, most changes would be related to reorganizing the documentation and a few parts would be created from scratch.

Additionally, I'd like to get your opinion on how relevant this project is nowadays in terms of market and for you. I wouldn't like to work on something that is not needed anymore.

Best, Cesar

MarcinHoppe commented 1 year ago

I think the project is in need of ongoing maintenance and updating it to keep it up to date. Reconciling the current content with the OWASP Top 10 2021 is a good next step.

That said, I think currently the project is in a bit of a limbo state and could use more contributors and perhaps even new maintainers.

@4ppsec Would love to know what your take is.

happyhacking-k commented 9 months ago

Hi @MarcinHoppe, have you considered publishing the top 10 vulnerabilities belonging to serverless applications alone? The cloud native attributes and unique architecture attributes of serverless determine the top 10 vulnerability types, which may not necessarily correspond to the top 10 vulnerabilities of OWASP. I think the security attributes of serverless applications have their own unique security risks.