OWASP ASVS V.4 for Startup
Founders and Developers
Hemed Gur Ary
22 May 2019
Sponsors
OWASP Sydney
• What is OWASP anyway?
• Sydney is a new formal chapter
• Character will depend on volunteers
Sydney Leaders
• Reece Stewart, Head of Business Development, Alcorn Group
• Hemi Gur Ary, CTO, VATA
ASVS Project Overview
• The Application Security Verification Standard project provides a basis for testing web application technical security controls
ASVS Structure
• About
• What’s new
• Using the ASVS (Levels)
• Requirements
• Appendices
Requirements
• Architecture, Design and Threat Modeling
• Authentication
• Session Management
• Access Control
• Validation, Sanitization and Encoding
• Stored Cryptography
• Error Handling and Logging
• Data Protection
• Communications
• Malicious Code
• Deployed Application Integrity
• Business Logic
• File and Resources
• API and Web Service
We are here because
• Security is important
• We want to learn about OWASP ASVS
• We want our lives to be easier as…
• We …
More Benefits
Founder                                                 | Developer
--------------------------------------------------------|------------------------------------
Business Enablement                                     | Career Boost
Investing in your technological savings                 | Reduce chatter around security
Proactively secure your start up                        | Proactively secure your application
Minimizing security costs in development and incidents  |
An intelligent security discussion                      | An intelligent security discussion
ASVS Project Goal
• Standardise security verification in a practical way
OWASP Top 10 does not achieve this goal
Pen testing soft spot
OWASP Top Ten Limitations
• Awareness tool
• High Level
• Lists vulnerabilities and not requirements
• Not inclusive
ASVS strong points
• Specific, Measurable, Achievable, Realistic, Time-bound (SMART)
• Can be used across organisations
• Aligned with OWASP Top 10 and CWE
Practical Uses For Founders
• Internal application security policy
• Security assurance for customers and investors
• Contractual clauses with suppliers
Practical Uses For Developers
• Map to secure an application from start to end
• Learning tool
• Testing use case
Takeaways
• ASVS understanding
• Practical uses
• Ideas to volunteer with OWASP
