SlideShare a Scribd company logo

OWASP Top 10 2021 - let's take a closer look by Glenn Wilson

Download as PPTX, PDF
A
Alex Cachia

In this talk Glenn will walk you through the OWASP top 10 published towards the end of 2021 to explain what's hot and what's hotter. He will give a brief description of each weakness and explain how these they are exploited and, more importantly, what you can do to mitigate against attackers exploiting them in your code

Technology
1 of 16
OWASP Top 10 2021 What you need to know…
What is the OWASP Top 10?
“The OWASP Top 10 is a standard awarenessdocument for developers and webapplicationsecurity. It represents a broad consensus about the most criticalsecurity risks to web applications.” OWASP.ORG
2003 2004 2007 2010 2013 2017 2021 First version of top 10produced byOWASP Current version
A01 Broken Access Control A02 Cryptographic Failures A03 Injection A04 Insecure Design A05 Security Misconfiguration A06 Vulnerable and Outdated Components A07 Identification and Authentication Failures A08 Software and Data Integrity Failures A09 Security Logging and Monitoring Failures A10 Server Side Request Forgery (SSRF)
• Data is collected from multiple organisations • Data is mappedto CWE categories • Select categories with highest incident rates • Ranked by exploitability and impact
How do we use the OWASP Top10?
1. Education programme – entry level (awareness) training 2. Minimum baseline for coding standards 3. Minimum baseline for security testing / code reviews
“Tools cannotcomprehensivelydetect, test, or protect against the OWASP Top 10 due to the nature of severalof the OWASP Top 10 risks” OWASP.ORG WARNING
Go beyondthe bare minimum
• A basis for testing web application technical security controls • A list of requirements for securedevelopment Adopt the OWASP Application Security Verification Standard (ASVS)
Establish an AppSecprogramme
1. Identify the gaps and goals of your AppSec programme • Use OWASP Software Assurance Security Model (SAMM) 2. Plan an AppSec programme to close the gaps 3. Implement AppSec programme with your development teams 4. Migrate all upcoming and existing applications to the AppSec programme 5. Test that the AppSec programme road has mitigated the issues found in the OWASP Top 10 6. Build your program into a mature AppSec programme
An AppSec programmeis built on three layers
Questions?
glenn.wilson@dynaminet.co.uk https://dynaminet.com/contact https://www.linkedin.com/in/glennwilson @GlennDynaminet Find me…

Recommended

OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOWASP Delhi
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Ajin Abraham
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISNull Bhubaneswar
 

Recommended

OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewMichael Furman
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOWASP Delhi
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Ajin Abraham
 
OWASP Mobile Top 10
OWASP Mobile Top 10OWASP Mobile Top 10
OWASP Mobile Top 10NowSecure
 
OWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISOWASP TOP 10 VULNERABILITIS
OWASP TOP 10 VULNERABILITISNull Bhubaneswar
 
A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration Tariq Islam
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesMarco Morana
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingn|u - The Open Security Community
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
How to Prevent RFI and LFI Attacks
How to Prevent RFI and LFI AttacksHow to Prevent RFI and LFI Attacks
How to Prevent RFI and LFI AttacksImperva
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Aman Singh
 
Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS VectorsRodolfo Assis (Brute)
 
Cache poisoning
Cache poisoningCache poisoning
Cache poisoningAlexandraLacatus
 
Secure coding-guidelines
Secure coding-guidelinesSecure coding-guidelines
Secure coding-guidelinesTrupti Shiralkar, CISSP
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Ajin Abraham
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfMatt Tesauro
 
Vulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxVulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxSuman Astani
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10YasserElsnbary
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Codemotion
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 
Owasp o
Owasp oOwasp o
Owasp oSagar Nangare
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012DefCamp
 

More Related Content

What's hot

A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration Tariq Islam
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesMarco Morana
 
Penetration testing
Penetration testingPenetration testing
Penetration testingAmmar WK
 
How to Prevent RFI and LFI Attacks
How to Prevent RFI and LFI AttacksHow to Prevent RFI and LFI Attacks
How to Prevent RFI and LFI AttacksImperva
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Aman Singh
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Ajin Abraham
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfMatt Tesauro
 
Vulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxVulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxSuman Astani
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Codemotion
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarOWASP Delhi
 

What's hot (20)

A5: Security Misconfiguration
A5: Security Misconfiguration A5: Security Misconfiguration
A5: Security Misconfiguration
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root Causes
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
How to Prevent RFI and LFI Attacks
How to Prevent RFI and LFI AttacksHow to Prevent RFI and LFI Attacks
How to Prevent RFI and LFI Attacks
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)Cross Site Scripting: Prevention and Detection(XSS)
Cross Site Scripting: Prevention and Detection(XSS)
 
Security testing
Security testingSecurity testing
Security testing
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 
Cache poisoning
Cache poisoningCache poisoning
Cache poisoning
 
Secure coding-guidelines
Secure coding-guidelinesSecure coding-guidelines
Secure coding-guidelines
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
Nullcon Goa 2016 - Automated Mobile Application Security Testing with Mobile ...
 
Hacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdfHacking and Defending APIs - Red and Blue make Purple.pdf
Hacking and Defending APIs - Red and Blue make Purple.pdf
 
Vulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptxVulnerable_and_outdated_components_suman.pptx
Vulnerable_and_outdated_components_suman.pptx
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
 
Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...Secure Coding principles by example: Build Security In from the start - Carlo...
Secure Coding principles by example: Build Security In from the start - Carlo...
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?
 
Pentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang BhatnagarPentesting Rest API's by :- Gaurang Bhatnagar
Pentesting Rest API's by :- Gaurang Bhatnagar
 

Similar to OWASP Top 10 2021 - let's take a closer look by Glenn Wilson

OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012DefCamp
 
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...Security Innovation
 
Owasp top 10 2013 - rc1
Owasp top 10 2013 - rc1Owasp top 10 2013 - rc1
Owasp top 10 2013 - rc1Ajay Ohri
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013Aryan G
 
Owasp top 10_-_2013
Owasp top 10_-_2013Owasp top 10_-_2013
Owasp top 10_-_2013Edho Armando
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013Bee_Ware
 
529 owasp top 10 2013 - rc1[1]
529 owasp top 10 2013 - rc1[1]529 owasp top 10 2013 - rc1[1]
529 owasp top 10 2013 - rc1[1]geeksec80
 
529 owasp top 10 2013 - rc1[1]
529 owasp top 10 2013 - rc1[1]529 owasp top 10 2013 - rc1[1]
529 owasp top 10 2013 - rc1[1]geeksec0306
 
OWASP Knoxville Inaugural Chapter Meeting
OWASP Knoxville Inaugural Chapter MeetingOWASP Knoxville Inaugural Chapter Meeting
OWASP Knoxville Inaugural Chapter MeetingPhil Agcaoili
 
OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE Magno Logan
 
App sec owasp from developers prospective
App sec owasp from developers prospectiveApp sec owasp from developers prospective
App sec owasp from developers prospectiveSecurity Innovation
 
Owasp top 10-2017
Owasp top 10-2017Owasp top 10-2017
Owasp top 10-2017malvvv
 
Owasp top 10 2017 (en)
Owasp top 10 2017 (en)Owasp top 10 2017 (en)
Owasp top 10 2017 (en)PrashantDhakol
 
OWASP_Top_10-2017_(en).pdf.pdf
OWASP_Top_10-2017_(en).pdf.pdfOWASP_Top_10-2017_(en).pdf.pdf
OWASP_Top_10-2017_(en).pdf.pdfSamSepiolRhodes
 
OWASP - Building Secure Web Applications
OWASP - Building Secure Web ApplicationsOWASP - Building Secure Web Applications
OWASP - Building Secure Web Applicationsalexbe
 

Similar to OWASP Top 10 2021 - let's take a closer look by Glenn Wilson (20)

Owasp o
Owasp oOwasp o
Owasp o
 
OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012OWASP Overview of Projects You Can Use Today - DefCamp 2012
OWASP Overview of Projects You Can Use Today - DefCamp 2012
 
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
White Paper: Leveraging The OWASP Top Ten to Simplify application security a...
 
OWASP Top Ten 2013
OWASP Top Ten 2013OWASP Top Ten 2013
OWASP Top Ten 2013
 
Owasp top 10
Owasp top 10 Owasp top 10
Owasp top 10
 
Owasp top 10 2013 - rc1
Owasp top 10 2013 - rc1Owasp top 10 2013 - rc1
Owasp top 10 2013 - rc1
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013
 
Owasp top 10_-_2013
Owasp top 10_-_2013Owasp top 10_-_2013
Owasp top 10_-_2013
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013
 
529 owasp top 10 2013 - rc1[1]
529 owasp top 10 2013 - rc1[1]529 owasp top 10 2013 - rc1[1]
529 owasp top 10 2013 - rc1[1]
 
529 owasp top 10 2013 - rc1[1]
529 owasp top 10 2013 - rc1[1]529 owasp top 10 2013 - rc1[1]
529 owasp top 10 2013 - rc1[1]
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
 
OWASP Knoxville Inaugural Chapter Meeting
OWASP Knoxville Inaugural Chapter MeetingOWASP Knoxville Inaugural Chapter Meeting
OWASP Knoxville Inaugural Chapter Meeting
 
OWASP an Introduction
OWASP an Introduction OWASP an Introduction
OWASP an Introduction
 
OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE
 
App sec owasp from developers prospective
App sec owasp from developers prospectiveApp sec owasp from developers prospective
App sec owasp from developers prospective
 
Owasp top 10-2017
Owasp top 10-2017Owasp top 10-2017
Owasp top 10-2017
 
Owasp top 10 2017 (en)
Owasp top 10 2017 (en)Owasp top 10 2017 (en)
Owasp top 10 2017 (en)
 
OWASP_Top_10-2017_(en).pdf.pdf
OWASP_Top_10-2017_(en).pdf.pdfOWASP_Top_10-2017_(en).pdf.pdf
OWASP_Top_10-2017_(en).pdf.pdf
 
OWASP - Building Secure Web Applications
OWASP - Building Secure Web ApplicationsOWASP - Building Secure Web Applications
OWASP - Building Secure Web Applications
 

More from Alex Cachia

No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...Alex Cachia
 
Supporting IT by David Meares
Supporting IT by David MearesSupporting IT by David Meares
Supporting IT by David MearesAlex Cachia
 
If you think open source is not for you, think again by Jane Chakravorty
If you think open source is not for you, think again by Jane ChakravortyIf you think open source is not for you, think again by Jane Chakravorty
If you think open source is not for you, think again by Jane ChakravortyAlex Cachia
 
Chaos Engineering – why we should all practice breaking things on purpose by ...
Chaos Engineering – why we should all practice breaking things on purpose by ...Chaos Engineering – why we should all practice breaking things on purpose by ...
Chaos Engineering – why we should all practice breaking things on purpose by ...Alex Cachia
 
A brief overview of the history and practice of user experience by Ian Westbrook
A brief overview of the history and practice of user experience by Ian WestbrookA brief overview of the history and practice of user experience by Ian Westbrook
A brief overview of the history and practice of user experience by Ian WestbrookAlex Cachia
 
Return the carriage, feed the line by Aaron Taylor
Return the carriage, feed the line by Aaron TaylorReturn the carriage, feed the line by Aaron Taylor
Return the carriage, feed the line by Aaron TaylorAlex Cachia
 
Treating your career path and training like leveling up in games by Raymond C...
Treating your career path and training like leveling up in games by Raymond C...Treating your career path and training like leveling up in games by Raymond C...
Treating your career path and training like leveling up in games by Raymond C...Alex Cachia
 
Digital forensics and giving evidence by Jonathan Haddock
Digital forensics and giving evidence by Jonathan Haddock Digital forensics and giving evidence by Jonathan Haddock
Digital forensics and giving evidence by Jonathan Haddock Alex Cachia
 
Software Security by Glenn Wilson
Software Security by Glenn WilsonSoftware Security by Glenn Wilson
Software Security by Glenn WilsonAlex Cachia
 
Data Preparation and the Importance of How Machines Learn by Rebecca Vickery
Data Preparation and the Importance of How Machines Learn by Rebecca VickeryData Preparation and the Importance of How Machines Learn by Rebecca Vickery
Data Preparation and the Importance of How Machines Learn by Rebecca VickeryAlex Cachia
 
Why Rust? by Edd Barrett (codeHarbour December 2019)
Why Rust? by Edd Barrett (codeHarbour December 2019)Why Rust? by Edd Barrett (codeHarbour December 2019)
Why Rust? by Edd Barrett (codeHarbour December 2019)Alex Cachia
 
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...Alex Cachia
 
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)Alex Cachia
 
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)Developing for Africa by Jonathan Haddock (codeHarbour October 2019)
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)Alex Cachia
 
Revving up with Reinforcement Learning by Ricardo Sueiras
Revving up with Reinforcement Learning by Ricardo SueirasRevving up with Reinforcement Learning by Ricardo Sueiras
Revving up with Reinforcement Learning by Ricardo SueirasAlex Cachia
 
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)Alex Cachia
 
Seeking Simplicity by Phil Nash (codeHarbour June 2019)
Seeking Simplicity by Phil Nash (codeHarbour June 2019)Seeking Simplicity by Phil Nash (codeHarbour June 2019)
Seeking Simplicity by Phil Nash (codeHarbour June 2019)Alex Cachia
 
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)Alex Cachia
 
Managing technical debt by Chris Willmott (codeHarbour April 2019)
Managing technical debt by Chris Willmott (codeHarbour April 2019)Managing technical debt by Chris Willmott (codeHarbour April 2019)
Managing technical debt by Chris Willmott (codeHarbour April 2019)Alex Cachia
 
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)Alex Cachia
 

More from Alex Cachia (20)

No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
No Onions, No Tiers - An Introduction to Vertical Slice Architecture by Bill ...
 
Supporting IT by David Meares
Supporting IT by David MearesSupporting IT by David Meares
Supporting IT by David Meares
 
If you think open source is not for you, think again by Jane Chakravorty
If you think open source is not for you, think again by Jane ChakravortyIf you think open source is not for you, think again by Jane Chakravorty
If you think open source is not for you, think again by Jane Chakravorty
 
Chaos Engineering – why we should all practice breaking things on purpose by ...
Chaos Engineering – why we should all practice breaking things on purpose by ...Chaos Engineering – why we should all practice breaking things on purpose by ...
Chaos Engineering – why we should all practice breaking things on purpose by ...
 
A brief overview of the history and practice of user experience by Ian Westbrook
A brief overview of the history and practice of user experience by Ian WestbrookA brief overview of the history and practice of user experience by Ian Westbrook
A brief overview of the history and practice of user experience by Ian Westbrook
 
Return the carriage, feed the line by Aaron Taylor
Return the carriage, feed the line by Aaron TaylorReturn the carriage, feed the line by Aaron Taylor
Return the carriage, feed the line by Aaron Taylor
 
Treating your career path and training like leveling up in games by Raymond C...
Treating your career path and training like leveling up in games by Raymond C...Treating your career path and training like leveling up in games by Raymond C...
Treating your career path and training like leveling up in games by Raymond C...
 
Digital forensics and giving evidence by Jonathan Haddock
Digital forensics and giving evidence by Jonathan Haddock Digital forensics and giving evidence by Jonathan Haddock
Digital forensics and giving evidence by Jonathan Haddock
 
Software Security by Glenn Wilson
Software Security by Glenn WilsonSoftware Security by Glenn Wilson
Software Security by Glenn Wilson
 
Data Preparation and the Importance of How Machines Learn by Rebecca Vickery
Data Preparation and the Importance of How Machines Learn by Rebecca VickeryData Preparation and the Importance of How Machines Learn by Rebecca Vickery
Data Preparation and the Importance of How Machines Learn by Rebecca Vickery
 
Why Rust? by Edd Barrett (codeHarbour December 2019)
Why Rust? by Edd Barrett (codeHarbour December 2019)Why Rust? by Edd Barrett (codeHarbour December 2019)
Why Rust? by Edd Barrett (codeHarbour December 2019)
 
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...
Issue with tracking? Fail that build! by Steve Coppin-Smith (codeHarbour Nove...
 
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)
Hack your voicemail with Javascript by Chris Willmott (codeHarbour October 2019)
 
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)Developing for Africa by Jonathan Haddock (codeHarbour October 2019)
Developing for Africa by Jonathan Haddock (codeHarbour October 2019)
 
Revving up with Reinforcement Learning by Ricardo Sueiras
Revving up with Reinforcement Learning by Ricardo SueirasRevving up with Reinforcement Learning by Ricardo Sueiras
Revving up with Reinforcement Learning by Ricardo Sueiras
 
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)
Blockchain For Your Business by Kenneth Cox (codeHarbour July 2019)
 
Seeking Simplicity by Phil Nash (codeHarbour June 2019)
Seeking Simplicity by Phil Nash (codeHarbour June 2019)Seeking Simplicity by Phil Nash (codeHarbour June 2019)
Seeking Simplicity by Phil Nash (codeHarbour June 2019)
 
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)
Sharing Data is Caring Data by Mark Terry (codeHarbour June 2019)
 
Managing technical debt by Chris Willmott (codeHarbour April 2019)
Managing technical debt by Chris Willmott (codeHarbour April 2019)Managing technical debt by Chris Willmott (codeHarbour April 2019)
Managing technical debt by Chris Willmott (codeHarbour April 2019)
 
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
Telephone Systems and Voice over IP by Bob Eager (codeHarbour April 2019)
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

OWASP Top 10 2021 - let's take a closer look by Glenn Wilson

Editor's Notes

  1. Awareness training
  2. Tools cannot comprehensively detect, test, or protect against the OWASP Top 10 due to the nature of several of the OWASP Top 10 risks
  3. OWASP discourages any claims of full coverage of the OWASP Top 10, because it’s simply untrue.
  4. OWASP encourages anyone wanting to adopt an application security standard to use the OWASP Application Security Verification Standard (ASVS), as it’s designed to be verifiable and tested, and can be used in all parts of a secure development lifecycle.