Overview
Explore the 2013 OWASP Top 10 in this 49-minute conference talk by Dave Wichers, COO of Aspect Security and OWASP Board member. Learn what changed from the 2010 edition and why, then work through each of the ten risks: what each one means for an enterprise, how attackers exploit it, and how to eliminate or mitigate it across an application portfolio. The talk also explains why the OWASP Top 10 has become a de facto standard for web application security, referenced by guidelines worldwide including the Payment Card Industry Data Security Standard (PCI DSS), and goes deeper on security misconfiguration, using components with known vulnerabilities (2013-A9), and missing function level access control (2013-A7). Wichers draws on his extensive application security experience and his OWASP work to offer practical guidance for improving an organization's web application security posture.
Syllabus
Intro
Dave Wichers
About the OWASP Top 10
OWASP Top Ten (2013 Edition)
What Didn't Change
OWASP Top 10 Risk Rating Methodology
What's Changed?
Mapping from 2010 to 2013 Top 10
OWASP Top Ten 2010-A6 Security Misconfiguration
Everyone Uses Vulnerable Libraries
2013-A9 - Using Known Vulnerable Components
What Can You Do to Avoid This?
Automation Example for Java-Maven Versions Plugin
OWASP Dependency Check
Expanded A7-Missing Function Level Access Control
OWASP Top 10 2013 Development Methodology
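As an added illustration for the A9 items in the syllabus above (the Java Maven Versions Plugin automation example and OWASP Dependency Check), here is a Maven pom.xml fragment that wires both tools into a build. It is not taken from the talk or its slides; the plugin versions, the CVSS threshold of 7 and the suppression-file name are assumptions you should adjust to your own project.

```xml
<!-- Added illustration, not from the talk: wiring the two A9 tools into a Maven build.
     Plugin versions are assumed; use the current releases. -->
<build>
  <plugins>
    <!-- Versions Maven Plugin: reports dependencies that have newer releases.
         Run: mvn versions:display-dependency-updates -->
    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>versions-maven-plugin</artifactId>
      <version>2.16.2</version>
    </plugin>

    <!-- OWASP Dependency-Check: matches resolved dependencies against known
         published vulnerabilities and fails the build above a CVSS threshold.
         Bound to the verify phase, so: mvn verify (or mvn dependency-check:check) -->
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>9.0.9</version>
      <configuration>
        <!-- Assumed policy: fail on CVSS 7.0 or higher (high/critical) -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Assumed file name: reviewed false positives, each with a justification -->
        <suppressionFiles>
          <suppressionFile>owasp-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The two tools answer different questions: the Versions Plugin tells you which libraries are stale, while Dependency-Check tells you which resolved libraries, including transitive ones, carry known vulnerabilities and blocks the build when the score crosses the threshold. The first Dependency-Check run needs network access to download vulnerability data, and any suppression you add should record why the finding does not apply, since a suppression file that silences everything defeats the control.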
Taught by
OWASP Foundation