Overview
Explore the latest updates and changes in the OWASP Application Security Verification Standard 4.0 through this conference talk from nullcon Goa 2019. Learn about new controls, complete renumbering, and how to adapt the ASVS for specific industries or companies. Discover a novel attack technique and gain insights into modern web application security. Delve into topics such as architecture, authentication, session management, access control, cryptography, error handling, data protection, communications security, malicious code, business logic verification, API security, and configuration. Understand the importance of generally accepted security practices and find out how to contribute to this essential security standard.
Syllabus
Intro
Andrew van der Stock
What is the ASVS?
Who is involved?
What's new
Modern web applications
What's changed
is the new minimum
PCI DSS 6.5.x
What's gone
V1 Architecture
Authentication
Session Management
Access Control
Stored Cryptography
Error handling
Data Protection
Communications Security
Malicious Code
Business Logic Verification
Files and Resources
API Security
Configuration
Generally Accepted Security Practices
How to get involved
Taught by
nullcon