AppSec: From the OWASP Top Ten(s) to the OWASP ASVS • Jim Manico • GOTO 2019
Вставка
- Опубліковано 15 лип 2019
- This presentation was recorded at GOTO Chicago 2019. #GOTOcon #GOTOchgo
gotochgo.com
Jim Manico - OWASP Project Leader, AppSec Enthusiast and Java Champion
ABSTRACT
Some people are under the misconception that if they follow the OWASP top 10 that they will have secure web applications. But in reality the OWASP Top Ten (and other top ten lists) are just the bare minimum that at best provide entry-level general awareness. A more comprehensive understanding of Application Security is needed.
This talk will review the OWASP Top Ten 2017 and the OWASP Top Ten Proactive Controls 2018 and compare them to a more comprehensive standard: the OWASP Application Security Verification Standard (ASVS) v4.0. OWASP's ASVS contains over 180 requirements that can provide a basis for defining what secure software really is. The OWASP ASVS can be used to help test technical security controls of web and API applications. It can also be used to provide developers with a list of requirements for secure development with much more nuance and detail than a top ten list! You cannot base a security program [...]
Download slides and read the full abstract here:
gotochgo.com/2019/sessions/709
/ gotochgo
/ gotoconference
/ goto-
gotocon.com
#AppSec #OWASP #OWASPTop10 #OWASPASVS #security
Looking for a unique learning experience?
Attend the next GOTO Conference near you! Get your ticket at gotocon.com
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
ua-cam.com/users/GotoConf... - Наука та технологія
excellent, glad that i stumbled across this.
This is a truly compelling way of presenting this topic. I like the enthusiasm and fire in his presentation.
glad to see jim hopper adjusting well to the 21st century
great talk never boring
passphrase is the BEST!!!!
good talk wish he would have had more time
This was before log4j came out lol
22:24 lmao
"npm.. is a security shit show". 🤣 🤫