To OWASP and Beyond - Common Application Vulnerabilities
Application security is talked about more than it is acted on, as evidenced by the vulnerabilities we continue to see every day. To highlight these types of vulnerabilities, OWASP (the Open Web Application Security Project) publishes its Top Ten web application vulnerabilities every 3 years. We'll review the current Top Ten list, then discuss other vulnerabilities that aren't included, as well as combo attacks (combining multiple vulnerabilities into a finishing move). Along the way, we will laugh and cringe at tales of applications that didn't quite get it right. (Identities of the examples will not be disclosed, so as to protect the fails -- and my job.)
David Felio is a Managing Consultant in the Application Security practice at FishNet Security. During his years in application security, he has conducted scores of application assessments and code reviews. He also delivers application security training classes, threat modeling, architecture reviews, and secure SDLC reviews. David has conducted assessments and training for national and international clients in myriad industries, including retail, healthcare, petroleum, financial services, and government.
David has been working in information technology for over 15 years. Prior to joining FishNet Security, David worked for a government contractor, where he led his division’s security efforts. Before realizing he enjoyed breaking applications more than building them, he was a senior developer. David is a PCI QSA and a member of the SANS/GIAC advisory board.
- Little Rock Tech Fest 65 Recordings
- OWASP 1 Recording