1. This is to introduce and promote OWASP Top 10 - 2013 Japanese version. 2. I am from Taiwan, stayed in several cities in Japan. I do security in Rakuten Inc. I translated OWASP Top 10 - 2013 from English into Japanese. I'm promoting OWASP Top 10. 3. Top 10 is a very comprehensive document about web app security RISK. Risk is the out come of occurrence and impact. That means you need to evaluate your own risk. Top 10 is very up to date with 3 year version up cycle. Top 10 is recently referred by PCI DSS v3.0 and many famous organizations. 4. There are some category created and ranking switched in the 2013 version. 5. Here is the risk assessment methodology for Top 10. 6. Top 10 introduce risks with the risk assessment methodology for you to evaluate for yourself. 7. Top 10 tells you how to check/prevent these risks. 8. Top 10 also provide you some attack scenarios and free references. 9. Top 10 is best to be used for security awareness in the early stage before you start developing projects. Security test/countermeasure after deployment is not good enough. The best practice is to take security into consideration while launching development. 10. Check OWASP Top 10 today! Let me know if you have any question or comment. Thank you!

1. OWASP Top 10 -2013 in JAPANESE!
Chia-Lung AlbertHsiehAsia Tour 2014
November 29th

2. Albert Hsieh (謝佳龍)
•Came from Taiwan since 2007
–Kobe, Kyoto, then Tokyo
•Work as Security Engineer
–RakutenInc.
•Translated OWASP Top 10 –2013
–English JAPANESE
•Promoting Top 10
–Article in Nikkei NETWORK (Mar. 2014)
–Speeches in OWASP Night, AppSecAPAC

3. OWASP Top 10
•OWASP Top 10 –2013
–Web App Security RISK
–Occurrence * Impactevaluate by yourself!
•Up to date
–3 year update cycle since 2004
•Referred by PCI DSS v3.0
–And NSA, Microsoft, ORACLE, CITRIX, etc.
–de facto!

4. Take a Look!
–Rank switched
–New category created

5. Take a Look!

6. Take a Look!

7. Take a Look!
–How to check?
–How to prevent?

8. Take a Look!
–Example Scenarios
–Free References

9. How to Use
要件
設計
実装
テスト
運用
後からセキュリティ検証
だけでは足りない！
最初からセキュリティを
意識しながら開発が必要！

10. Thank you!
–Contact me if you have any comment about the Japanese version! chialung.hsieh(at)mail.rakuten.com
OWASP Top 10