AppSec: From the OWASP Top Ten(s) to the OWASP ASVS • Jim Manico • GOTO 2019 скачать в хорошем качестве

AppSec: From the OWASP Top Ten(s) to the OWASP ASVS • Jim Manico • GOTO 2019

This presentation was recorded at GOTO Chicago 2019. #GOTOcon #GOTOchgo http://gotochgo.com Jim Manico - OWASP Project Leader, AppSec Enthusiast and Java Champion ABSTRACT Some people are under the misconception that if they follow the OWASP top 10 that they will have secure web applications. But in reality the OWASP Top Ten (and other top ten lists) are just the bare minimum that at best provide entry-level general awareness. A more comprehensive understanding of Application Security is needed. This talk will review the OWASP Top Ten 2017 and the OWASP Top Ten Proactive Controls 2018 and compare them to a more comprehensive standard: the OWASP Application Security Verification Standard (ASVS) v4.0. OWASP's ASVS contains over 180 requirements that can provide a basis for defining what secure software really is. The OWASP ASVS can be used to help test technical security controls of web and API applications. It can also be used to provide developers with a list of requirements for secure development with much more nuance and detail than a top ten list! You cannot base a security program [...] Download slides and read the full abstract here: https://gotochgo.com/2019/sessions/709   / gotochgo     / gotoconference     / goto-   http://gotocon.com #AppSec #OWASP #OWASPTop10 #OWASPASVS #security Looking for a unique learning experience? Attend the next GOTO Conference near you! Get your ticket at http://gotocon.com SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily. https://www.youtube.com/user/GotoConf...