source: https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf