Jan 2018 - Sherif Koussa - The Old, New, and Updated for OWASP Top 10 2017
'OWASP Top 10' is one of OWASP's flagship projects. It represents a broad consensus about the most critical security risks to web applications. For many organizations, it serves as their security compass and the main direction for their application security planning and execution. For the first time since 2013, OWASP has updated its Top 10, though not without a fair share of controversy. The OWASP Top 10 for 2017 went through two versions, and the second gained enough community support to be officially recognized as the Top 10 list for 2017. This presentation will go through the three new risks added: XML External Entities (XXE), Insecure Deserialization, and Insufficient Logging & Monitoring. In addition, it will go over the old risks that were merged, particularly Insecure Direct Object References and Missing Function Level Access Control.