From the OWASP Top Ten(s) to the OWASP ASVS - Jim Manico
Description
Some people are under the misconception that if they follow the OWASP top 10 that they will have secure web applications.
But in reality, the OWASP Top Ten (and other top ten lists) are just the bare minimum that at best provide entry-level general awareness. A more comprehensive understanding of Application Security is needed. This talk with review the OWASP Top Ten 2017 and the OWASP Top Ten Proactive Controls 2018 and compare them to a more comprehensive standard: the OWASP Application Security Verification Standard (ASVS) v4.0. OWASP's ASVS contains over 180 requirements that can provide a basis for defining what secure software really is. The OWASP ASVS can be used to help test technical security controls of web and API applications. It can also be used to provide developers with a list of requirements for secure development with much more nuance and detail than a top ten list! You cannot base a security program off a Top Ten list. You can base an Application Security program off of the OWASP ASVS.
Check out more of our talks, courses, and conferences in the following links:
https://ndcconferences.com/
https://ndc-london.com/
![TryHackMe #042 OWASP Top 10 [Day 2]](https://no-mar.com/uploads/thumbs/641297d1b-1.jpg)
![TryHackMe #051 OWASP Top 10 [Day 6]](https://no-mar.com/uploads/thumbs/954b81805-1.jpg)
![TryHackMe #058 OWASP Top 10 [Day 8]](https://no-mar.com/uploads/thumbs/30bdb0c8c-1.jpg)
![TryHackMe #066 OWASP Top 10 [Day 10]](https://no-mar.com/uploads/thumbs/6763b54ac-1.jpg)
![TryHackMe #064 OWASP Top 10 [Day 9]](https://no-mar.com/uploads/thumbs/105aeb46b-1.jpg)
![TryHackMe #053 OWASP Top 10 [Day 7]](https://no-mar.com/uploads/thumbs/11619b047-1.jpg)
![TryHackMe #038 OWASP Top 10 [Day 1]](https://no-mar.com/uploads/thumbs/df7875ea9-1.jpg)
Comments