SlideShare a Scribd company logo

23 owasp top 10 - resources

A
appsec

owasp top 10 - resources

Technology
1 of 2
OWASP Top-10 2013 Resources The Top 10 Most Critical Web Application Security Risks https://www.owasp.org/index.php/Top_10_2013-Top_10
Summary: How do you address these problems? • Develop Secure Code – Follow the best practices in OWASP’s Guide to Building Secure Web Applications • https://www.owasp.org/index.php/Guide • And the cheat sheets: https://www.owasp.org/index.php/Cheat_Sheets – Use OWASP’s Application Security Verification Standard as a guide to what an application needs to be secure • https://www.owasp.org/index.php/ASVS – Use standard security components that are a fit for your organization • Use OWASP’s ESAPI as a basis for your standard components • https://www.owasp.org/index.php/ESAPI • Review Your Applications – Have an expert team review your applications – Review your applications yourselves following OWASP Guidelines • OWASP Code Review Guide: https://www.owasp.org/index.php/Code_Review_Guide • OWASP Testing Guide: https://www.owasp.org/index.php/Testing_Guide

Recommended

OWASP top10 2017, Montpellier JUG de Noel
OWASP top10 2017, Montpellier JUG de NoelOWASP top10 2017, Montpellier JUG de Noel
OWASP top10 2017, Montpellier JUG de NoelHubert Gregoire
 
Introduction to OWASP
Introduction to OWASPIntroduction to OWASP
Introduction to OWASPThomas F. "T.J." Maher Jr.
 
CiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationCiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationCiNPA Security SIG
 
SARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalSARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalVandana Verma
 
Hack your site before someone else does it
Hack your site before someone else does itHack your site before someone else does it
Hack your site before someone else does itTaras Romanyk
 
Defensive programming 101
Defensive programming 101Defensive programming 101
Defensive programming 101Niall Merrigan
 
Running an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec VillageRunning an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec VillageVandana Verma
 
OWASP TOP10 2017 - Nowa lista przebojów podatności
OWASP TOP10 2017 - Nowa lista przebojów podatnościOWASP TOP10 2017 - Nowa lista przebojów podatności
OWASP TOP10 2017 - Nowa lista przebojów podatnościklagrz
 

Recommended

OWASP top10 2017, Montpellier JUG de Noel
OWASP top10 2017, Montpellier JUG de NoelOWASP top10 2017, Montpellier JUG de Noel
OWASP top10 2017, Montpellier JUG de NoelHubert Gregoire
 
Introduction to OWASP
Introduction to OWASPIntroduction to OWASP
Introduction to OWASPThomas F. "T.J." Maher Jr.
 
CiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationCiNPA Security SIG - AppSec Presentation
CiNPA Security SIG - AppSec PresentationCiNPA Security SIG
 
SARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalSARCON Talk - Vandana Verma Sehgal
SARCON Talk - Vandana Verma SehgalVandana Verma
 
Hack your site before someone else does it
Hack your site before someone else does itHack your site before someone else does it
Hack your site before someone else does itTaras Romanyk
 
Defensive programming 101
Defensive programming 101Defensive programming 101
Defensive programming 101Niall Merrigan
 
Running an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec VillageRunning an app sec program with OWASP projects_ Defcon AppSec Village
Running an app sec program with OWASP projects_ Defcon AppSec VillageVandana Verma
 
OWASP TOP10 2017 - Nowa lista przebojów podatności
OWASP TOP10 2017 - Nowa lista przebojów podatnościOWASP TOP10 2017 - Nowa lista przebojów podatności
OWASP TOP10 2017 - Nowa lista przebojów podatnościklagrz
 
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр АнтухOWASP Russia
 
Architect's Guide to Building an API Program
Architect's Guide to Building an API ProgramArchitect's Guide to Building an API Program
Architect's Guide to Building an API Programclatimer
 
12 owasp top 10 - introduction
12 owasp top 10 - introduction12 owasp top 10 - introduction
12 owasp top 10 - introductionappsec
 
Owasp Serbia overview
Owasp Serbia overviewOwasp Serbia overview
Owasp Serbia overviewNikola Milosevic
 
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]Websec México, S.C.
 
Ajax Security
Ajax SecurityAjax Security
Ajax Securitydrkimsky
 
Securing broken access controls on Oracle E-business suite
Securing broken access controls on Oracle E-business suiteSecuring broken access controls on Oracle E-business suite
Securing broken access controls on Oracle E-business suiteSuraj Khetani
 
Troubleshooting your elasticsearch cluster like a support engineer
Troubleshooting your elasticsearch cluster like a support engineerTroubleshooting your elasticsearch cluster like a support engineer
Troubleshooting your elasticsearch cluster like a support engineerImma Valls Bernaus
 
CV Devan
CV Devan CV Devan
CV Devan Devan Pillay
 
Basquet
BasquetBasquet
Basquetsiemprefm
 
Thiet ke print ad – Danapha (magazine dailis)
Thiet ke print ad – Danapha (magazine dailis)Thiet ke print ad – Danapha (magazine dailis)
Thiet ke print ad – Danapha (magazine dailis)Viết Nội Dung
 
Nabou Photography
Nabou PhotographyNabou Photography
Nabou Photographynboustead33
 
ferdinand
ferdinandferdinand
ferdinandFerdinand .S. Lubobi
 
Presentación de mis servicios
Presentación de mis servicios Presentación de mis servicios
Presentación de mis servicios Miguel Zamorano
 
CRO Cheat Sheet
CRO Cheat SheetCRO Cheat Sheet
CRO Cheat SheetChris Walton
 
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016FEDERICO ALMENARA CHECA
 
Onln new
Onln newOnln new
Onln newaswathyvkv
 
SIT_Summer2015_04
SIT_Summer2015_04SIT_Summer2015_04
SIT_Summer2015_04Hillary Coggeshall
 
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016FEDERICO ALMENARA CHECA
 
Ley 528 - fisioterapia - principios
Ley 528 - fisioterapia - principiosLey 528 - fisioterapia - principios
Ley 528 - fisioterapia - principiosfarmed05
 
Guión para misas
Guión para misasGuión para misas
Guión para misasFranciscanos Valladolid
 
How to differentiate your brand in B2B
How to differentiate your brand in B2BHow to differentiate your brand in B2B
How to differentiate your brand in B2BOctopus Group
 

More Related Content

What's hot

[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр АнтухOWASP Russia
 
Architect's Guide to Building an API Program
Architect's Guide to Building an API ProgramArchitect's Guide to Building an API Program
Architect's Guide to Building an API Programclatimer
 
12 owasp top 10 - introduction
12 owasp top 10 - introduction12 owasp top 10 - introduction
12 owasp top 10 - introductionappsec
 
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]Websec México, S.C.
 
Ajax Security
Ajax SecurityAjax Security
Ajax Securitydrkimsky
 
Securing broken access controls on Oracle E-business suite
Securing broken access controls on Oracle E-business suiteSecuring broken access controls on Oracle E-business suite
Securing broken access controls on Oracle E-business suiteSuraj Khetani
 
Troubleshooting your elasticsearch cluster like a support engineer
Troubleshooting your elasticsearch cluster like a support engineerTroubleshooting your elasticsearch cluster like a support engineer
Troubleshooting your elasticsearch cluster like a support engineerImma Valls Bernaus
 

What's hot (8)

[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
[1.1] Почему вам стоит поучаствовать в жизни OWASP Russia - Александр Антух
 
Architect's Guide to Building an API Program
Architect's Guide to Building an API ProgramArchitect's Guide to Building an API Program
Architect's Guide to Building an API Program
 
12 owasp top 10 - introduction
12 owasp top 10 - introduction12 owasp top 10 - introduction
12 owasp top 10 - introduction
 
Owasp Serbia overview
Owasp Serbia overviewOwasp Serbia overview
Owasp Serbia overview
 
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]
Protección web con ESAPI y AppSensor [GuadalajaraCON 2013]
 
Ajax Security
Ajax SecurityAjax Security
Ajax Security
 
Securing broken access controls on Oracle E-business suite
Securing broken access controls on Oracle E-business suiteSecuring broken access controls on Oracle E-business suite
Securing broken access controls on Oracle E-business suite
 
Troubleshooting your elasticsearch cluster like a support engineer
Troubleshooting your elasticsearch cluster like a support engineerTroubleshooting your elasticsearch cluster like a support engineer
Troubleshooting your elasticsearch cluster like a support engineer
 

Viewers also liked

Thiet ke print ad – Danapha (magazine dailis)
Thiet ke print ad – Danapha (magazine dailis)Thiet ke print ad – Danapha (magazine dailis)
Thiet ke print ad – Danapha (magazine dailis)Viết Nội Dung
 
Nabou Photography
Nabou PhotographyNabou Photography
Nabou Photographynboustead33
 
Presentación de mis servicios
Presentación de mis servicios Presentación de mis servicios
Presentación de mis servicios Miguel Zamorano
 
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016FEDERICO ALMENARA CHECA
 
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016FEDERICO ALMENARA CHECA
 
Ley 528 - fisioterapia - principios
Ley 528 - fisioterapia - principiosLey 528 - fisioterapia - principios
Ley 528 - fisioterapia - principiosfarmed05
 
How to differentiate your brand in B2B
How to differentiate your brand in B2BHow to differentiate your brand in B2B
How to differentiate your brand in B2BOctopus Group
 
Building your Personal Branding
Building your Personal BrandingBuilding your Personal Branding
Building your Personal BrandingGirlsInTechTLV
 

Viewers also liked (15)

CV Devan
CV Devan CV Devan
CV Devan
 
Basquet
BasquetBasquet
Basquet
 
Thiet ke print ad – Danapha (magazine dailis)
Thiet ke print ad – Danapha (magazine dailis)Thiet ke print ad – Danapha (magazine dailis)
Thiet ke print ad – Danapha (magazine dailis)
 
Nabou Photography
Nabou PhotographyNabou Photography
Nabou Photography
 
ferdinand
ferdinandferdinand
ferdinand
 
Presentación de mis servicios
Presentación de mis servicios Presentación de mis servicios
Presentación de mis servicios
 
CRO Cheat Sheet
CRO Cheat SheetCRO Cheat Sheet
CRO Cheat Sheet
 
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016
HOMILÍA(A) DEL DOMINGO 2º DEL TO. CICLO C. DIA 17 DE ENERO DEL 2016
 
Onln new
Onln newOnln new
Onln new
 
SIT_Summer2015_04
SIT_Summer2015_04SIT_Summer2015_04
SIT_Summer2015_04
 
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016
SOLEMNIDAD DE SANTA MARIA MADRE DE DIOS. DIA 1 DE ENERO DEL 2016
 
Ley 528 - fisioterapia - principios
Ley 528 - fisioterapia - principiosLey 528 - fisioterapia - principios
Ley 528 - fisioterapia - principios
 
Guión para misas
Guión para misasGuión para misas
Guión para misas
 
How to differentiate your brand in B2B
How to differentiate your brand in B2BHow to differentiate your brand in B2B
How to differentiate your brand in B2B
 
Building your Personal Branding
Building your Personal BrandingBuilding your Personal Branding
Building your Personal Branding
 

Similar to 23 owasp top 10 - resources

[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10OWASP
 
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docxOWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docxgerardkortney
 
Owasp top 10 2017 (en)
Owasp top 10 2017 (en)Owasp top 10 2017 (en)
Owasp top 10 2017 (en)PrashantDhakol
 
OWASP_Top_10-2017_(en).pdf.pdf
OWASP_Top_10-2017_(en).pdf.pdfOWASP_Top_10-2017_(en).pdf.pdf
OWASP_Top_10-2017_(en).pdf.pdfSamSepiolRhodes
 
Owasp top 10-2017
Owasp top 10-2017Owasp top 10-2017
Owasp top 10-2017malvvv
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASPMarco Morana
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurationsMegha Sahu
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideSharebnmbroti
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideSharenwnftpbv
 
香港六合彩
香港六合彩香港六合彩
香港六合彩pibpjsxy
 
香港六合彩
香港六合彩香港六合彩
香港六合彩gxsdjh
 
香港六合彩-六合彩
香港六合彩-六合彩香港六合彩-六合彩
香港六合彩-六合彩rakfbe
 
香港六合彩<六合彩
香港六合彩<六合彩香港六合彩<六合彩
香港六合彩<六合彩dqsmesc
 
Defensive programming 101 For Dataforening
Defensive programming 101 For DataforeningDefensive programming 101 For Dataforening
Defensive programming 101 For DataforeningNiall Merrigan
 
Defensive programming 101 1
Defensive programming 101 1Defensive programming 101 1
Defensive programming 101 1Niall Merrigan
 
Alten calsoft labs enterprise app store framework
Alten calsoft labs enterprise app store frameworkAlten calsoft labs enterprise app store framework
Alten calsoft labs enterprise app store frameworkSandeep Vyas
 
OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1Telefónica
 

Similar to 23 owasp top 10 - resources (20)

[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10[Wroclaw #5] OWASP Projects: beyond Top 10
[Wroclaw #5] OWASP Projects: beyond Top 10
 
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docxOWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
OWASP Top 10 - 2017The Ten Most Critical Web Application Sec.docx
 
Web Application Security Strategy
Web Application Security Strategy Web Application Security Strategy
Web Application Security Strategy
 
Owasp top 10 2017 (en)
Owasp top 10 2017 (en)Owasp top 10 2017 (en)
Owasp top 10 2017 (en)
 
OWASP_Top_10-2017_(en).pdf.pdf
OWASP_Top_10-2017_(en).pdf.pdfOWASP_Top_10-2017_(en).pdf.pdf
OWASP_Top_10-2017_(en).pdf.pdf
 
Owasp top 10-2017
Owasp top 10-2017Owasp top 10-2017
Owasp top 10-2017
 
OISF - AppSec Presentation
OISF - AppSec PresentationOISF - AppSec Presentation
OISF - AppSec Presentation
 
Introduction To OWASP
Introduction To OWASPIntroduction To OWASP
Introduction To OWASP
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
 
ISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP PrimerISC2: AppSec & OWASP Primer
ISC2: AppSec & OWASP Primer
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
香港六合彩-六合彩
香港六合彩-六合彩香港六合彩-六合彩
香港六合彩-六合彩
 
香港六合彩<六合彩
香港六合彩<六合彩香港六合彩<六合彩
香港六合彩<六合彩
 
Defensive programming 101 For Dataforening
Defensive programming 101 For DataforeningDefensive programming 101 For Dataforening
Defensive programming 101 For Dataforening
 
Defensive programming 101 1
Defensive programming 101 1Defensive programming 101 1
Defensive programming 101 1
 
Alten calsoft labs enterprise app store framework
Alten calsoft labs enterprise app store frameworkAlten calsoft labs enterprise app store framework
Alten calsoft labs enterprise app store framework
 
OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1
 

More from appsec

15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xss15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xssappsec
 
10 application security fundamentals - part 2 - security mechanisms - encry...
10 application security fundamentals - part 2 - security mechanisms - encry...10 application security fundamentals - part 2 - security mechanisms - encry...
10 application security fundamentals - part 2 - security mechanisms - encry...appsec
 
11 application security fundamentals - part 2 - security mechanisms - summary
11 application security fundamentals - part 2 - security mechanisms - summary11 application security fundamentals - part 2 - security mechanisms - summary
11 application security fundamentals - part 2 - security mechanisms - summaryappsec
 
09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - loggingappsec
 
08 application security fundamentals - part 2 - security mechanisms - error...
08 application security fundamentals - part 2 - security mechanisms - error...08 application security fundamentals - part 2 - security mechanisms - error...
08 application security fundamentals - part 2 - security mechanisms - error...appsec
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...appsec
 
07 application security fundamentals - part 2 - security mechanisms - data ...
07 application security fundamentals - part 2 - security mechanisms - data ...07 application security fundamentals - part 2 - security mechanisms - data ...
07 application security fundamentals - part 2 - security mechanisms - data ...appsec
 
04 application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...04 application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...appsec
 
05 application security fundamentals - part 2 - security mechanisms - autho...
05 application security fundamentals - part 2 - security mechanisms - autho...05 application security fundamentals - part 2 - security mechanisms - autho...
05 application security fundamentals - part 2 - security mechanisms - autho...appsec
 
02 application security fundamentals - part 1 - security priciples
02 application security fundamentals - part 1 - security priciples02 application security fundamentals - part 1 - security priciples
02 application security fundamentals - part 1 - security priciplesappsec
 
01 Application Security Fundamentals - part 1 - introduction and goals
01 Application Security Fundamentals - part 1 - introduction and goals01 Application Security Fundamentals - part 1 - introduction and goals
01 Application Security Fundamentals - part 1 - introduction and goalsappsec
 

More from appsec (11)

15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xss15 owasp top 10 - a3-xss
15 owasp top 10 - a3-xss
 
10 application security fundamentals - part 2 - security mechanisms - encry...
10 application security fundamentals - part 2 - security mechanisms - encry...10 application security fundamentals - part 2 - security mechanisms - encry...
10 application security fundamentals - part 2 - security mechanisms - encry...
 
11 application security fundamentals - part 2 - security mechanisms - summary
11 application security fundamentals - part 2 - security mechanisms - summary11 application security fundamentals - part 2 - security mechanisms - summary
11 application security fundamentals - part 2 - security mechanisms - summary
 
09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging09 application security fundamentals - part 2 - security mechanisms - logging
09 application security fundamentals - part 2 - security mechanisms - logging
 
08 application security fundamentals - part 2 - security mechanisms - error...
08 application security fundamentals - part 2 - security mechanisms - error...08 application security fundamentals - part 2 - security mechanisms - error...
08 application security fundamentals - part 2 - security mechanisms - error...
 
06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...06 application security fundamentals - part 2 - security mechanisms - sessi...
06 application security fundamentals - part 2 - security mechanisms - sessi...
 
07 application security fundamentals - part 2 - security mechanisms - data ...
07 application security fundamentals - part 2 - security mechanisms - data ...07 application security fundamentals - part 2 - security mechanisms - data ...
07 application security fundamentals - part 2 - security mechanisms - data ...
 
04 application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...04 application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...
 
05 application security fundamentals - part 2 - security mechanisms - autho...
05 application security fundamentals - part 2 - security mechanisms - autho...05 application security fundamentals - part 2 - security mechanisms - autho...
05 application security fundamentals - part 2 - security mechanisms - autho...
 
02 application security fundamentals - part 1 - security priciples
02 application security fundamentals - part 1 - security priciples02 application security fundamentals - part 1 - security priciples
02 application security fundamentals - part 1 - security priciples
 
01 Application Security Fundamentals - part 1 - introduction and goals
01 Application Security Fundamentals - part 1 - introduction and goals01 Application Security Fundamentals - part 1 - introduction and goals
01 Application Security Fundamentals - part 1 - introduction and goals
 

Recently uploaded

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingSelcen Ozturkcan
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central BankingThe Evolution of Money: Digital Transformation and CBDCs in Central Banking
The Evolution of Money: Digital Transformation and CBDCs in Central Banking
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

23 owasp top 10 - resources

  • 1. OWASP Top-10 2013 Resources The Top 10 Most Critical Web Application Security Risks https://www.owasp.org/index.php/Top_10_2013-Top_10
  • 2. Summary: How do you address these problems? • Develop Secure Code – Follow the best practices in OWASP’s Guide to Building Secure Web Applications • https://www.owasp.org/index.php/Guide • And the cheat sheets: https://www.owasp.org/index.php/Cheat_Sheets – Use OWASP’s Application Security Verification Standard as a guide to what an application needs to be secure • https://www.owasp.org/index.php/ASVS – Use standard security components that are a fit for your organization • Use OWASP’s ESAPI as a basis for your standard components • https://www.owasp.org/index.php/ESAPI • Review Your Applications – Have an expert team review your applications – Review your applications yourselves following OWASP Guidelines • OWASP Code Review Guide: https://www.owasp.org/index.php/Code_Review_Guide • OWASP Testing Guide: https://www.owasp.org/index.php/Testing_Guide