Overview
Explore a comprehensive conference talk that delves into the limitations of relying solely on the OWASP Top Ten for web application security. Learn why the OWASP Application Security Verification Standard (ASVS) v4.0 provides a more robust framework for defining and implementing secure software. Discover how the ASVS's 180+ requirements offer a nuanced approach to technical security controls for web and API applications, surpassing the basic awareness provided by top ten lists. Gain insights into using the ASVS as a foundation for a thorough Application Security program, covering topics such as architecture, authentication, password storage, session management, input validation, cryptography, data protection, communication security, business logic verification, and REST security.
Syllabus
Introduction
ASVS
The Team
NIST 863
Changes in web development
Common Weakness Enumeration
Standards Worth
Levels of Severity
DevOps
What we removed
Architecture
Authentication
Password Storage
Session Management
Input Validation
Store Cryptography
Data Protection
Communication Security
Business Logic Verification
REST Security
Taught by
NDC Conferences