AppSec - From the OWASP Top Ten to the OWASP ASVS

Explore a comprehensive overview of application security standards in this conference talk from GOTO Chicago 2019. Delve into the misconceptions surrounding the OWASP Top Ten and learn why it should be considered only a starting point for web application security. Compare the OWASP Top Ten 2017 and the OWASP Top Ten Proactive Controls 2018 with the more extensive OWASP Application Security Verification Standard (ASVS) v4.0. Discover how the ASVS, with its 180+ requirements, provides a robust framework for defining secure software and can be used to test technical security controls in web and API applications. Gain insights into how developers can leverage the ASVS as a detailed guide for secure development, moving beyond the limitations of top ten lists. Join OWASP Project Leader, AppSec Enthusiast, and Java Champion Jim Manico as he shares his expertise on building a comprehensive security program and understanding the nuances of application security.