Overview
Syllabus
Intro
OWASP Top 10 Risks - 2013
Cyber attacks
OWASP Application Security Verification Standard (ASVS)
OWASP ASVS
Verify for Security Early and Often
SQL injection example
Parameterize Queries
XSS Example
Contextual Encoding Libraries
Example of Validations
2nd Order SQL Injection Example
C5. Implement Identity and Authentication Controls
Strong cryptographic algorithms
Secure Password Storage
C5. Password Storage - How Not To Do It!
C5. Error Messages - How Not To Do It!
C5. Risks Addressed
Implement Appropriate Access Controls
Implement Logging and Intrusion Detection
Risks Addressed - All Top Ten!
Current state of software
Unmanaged 3rd Party Components
Don't leak information
@OWASP Controls
Taught by
OWASP Foundation
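The slides on the SQL injection example, parameterized queries and the second-order SQL injection example are listed above by title only. What follows is an added example, not code from the course deck or from the OWASP Proactive Controls project, using Python's bundled sqlite3 module. The in-memory users table, the usernames and the `x' OR '1'='1` payload are constructed for illustration; the same idea applies to any SQL driver that supports placeholders.

```python
import sqlite3

# Constructed demo data (not from the course): an in-memory users table.
SEED_USERS = [("alice", "alice-secret"), ("bob", "bob-secret")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (username, secret) VALUES (?, ?)", SEED_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Classic (first-order) SQL injection: the input is spliced into the SQL text, so a
    # quote inside it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT username FROM users WHERE username = '" + username + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Parameterized query: the SQL text is fixed and the value travels separately, so it is
    # only ever compared as data. The same payload now matches nothing.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


def register(conn: sqlite3.Connection, username: str, secret: str) -> int:
    # Registration is parameterized, so a hostile username is stored verbatim and is
    # harmless at this point.
    cur = conn.execute("INSERT INTO users (username, secret) VALUES (?, ?)", (username, secret))
    conn.commit()
    return cur.lastrowid


def secrets_second_order_vulnerable(conn: sqlite3.Connection, user_id: int) -> list:
    # Second-order injection: a later feature reads the stored username back, treats it as
    # "already in the database, therefore safe", and concatenates it into a new query.
    stored = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()[0]
    sql = "SELECT secret FROM users WHERE username = '" + stored + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def secrets_second_order_fixed(conn: sqlite3.Connection, user_id: int) -> list:
    # The fix is the same as for first-order injection: parameterize every query, whether
    # the value came from the request or from your own database.
    stored = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()[0]
    sql = "SELECT secret FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (stored,))]


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"
    print("first-order, concatenated :", lookup_vulnerable(conn, payload))
    print("first-order, parameterized:", lookup_parameterized(conn, payload))
    attacker = register(conn, payload, "mallory-secret")
    print("second-order, concatenated :", secrets_second_order_vulnerable(conn, attacker))
    print("second-order, parameterized:", secrets_second_order_fixed(conn, attacker))
```

The second-order case is the one worth checking for in code review: a value that was safely parameterized on the way in is not sanitized by having been stored, so every query that consumes it later needs placeholders too. Validation and encoding narrow the attack surface, but parameterization is the control that removes the injection class.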
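The C5 slides (strong cryptographic algorithms, secure password storage, "Password Storage - How Not To Do It!" and "Error Messages - How Not To Do It!") are also listed by title only. The following is an added example, not the course's or OWASP's own code, using only Python's standard library: PBKDF2-HMAC-SHA256 from hashlib with a per-user random salt, a constant-time compare, and a login routine that returns one generic failure message. The 600,000 iteration count, the record format and the sample users are assumptions for illustration; bcrypt or Argon2 via a third-party package are equally valid choices.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256. 600,000 is the figure in OWASP's Password Storage
# Cheat Sheet at the time of writing; treat the exact number as an assumption and tune it
# to roughly 100 ms per hash on the hardware that will run it.
ITERATIONS = 600_000
GENERIC_FAILURE = "Invalid username or password"


def hash_password_how_not_to(password: str) -> str:
    # The anti-pattern: one fast, unsalted digest. Equal passwords give equal hashes (so one
    # cracked hash unlocks every user with that password), and an attacker can test
    # billions of guesses per second offline.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    # Per-user random salt plus a deliberately slow, iterated keyed hash.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Self-describing record (assumed format), so the algorithm or work factor can be
    # raised later and old records re-hashed at the user's next successful login.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(record: str, candidate: str) -> bool:
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    expected = bytes.fromhex(digest_hex)
    actual = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison: a plain == returns early at the first differing byte.
    return hmac.compare_digest(expected, actual)


# Hashed once at import so that a login for an unknown user costs the same as a real one
# (see login()).
_DUMMY_RECORD = hash_password(os.urandom(16).hex())


def login(users: dict, username: str, password: str) -> tuple:
    # Error-message anti-pattern to avoid: distinct "no such user" / "wrong password"
    # replies let an attacker enumerate accounts. One generic message covers both cases,
    # and the dummy record keeps the timing of the two failure paths alike.
    record = users.get(username, _DUMMY_RECORD)
    password_ok = verify_password(record, password)
    if password_ok and username in users:
        return True, "OK"
    return False, GENERIC_FAILURE


if __name__ == "__main__":
    # Constructed user store for the demo.
    users = {"alice": hash_password("correct horse battery staple")}
    print(login(users, "alice", "correct horse battery staple"))
    print(login(users, "alice", "Tr0ub4dor&3"))
    print(login(users, "nobody", "Tr0ub4dor&3"))
    print("unsalted MD5 repeats:", hash_password_how_not_to("hunter2") == hash_password_how_not_to("hunter2"))
    print("salted PBKDF2 repeats:", hash_password("hunter2") == hash_password("hunter2"))
```

Two things to verify when reviewing a password store against this pattern: hashing the same password twice must produce different records (otherwise there is no per-user salt), and the failed-login response must be identical in text and roughly identical in time whether or not the username exists.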