OWASP has published a draft list of the top 10 security vulnerabilities of 2017. The list is based on actual survey data of threats seen in the wild and serves as a great starting point for organizations struggling with security priorities. The majority of actual attacks, rather than proofs of concept, use simple and common vulnerabilities that in some cases are decades old. WASP is a group of security professionals who aggregate and publish this second type of vulnerabilities boring, but very common and very commonly exploited.”]
Source: https://blog.malwarebytes.com/security-world/2017/05/owasp-top-ten-boring-security-that-pays-off/