From the OWASP Top Ten(s) to the OWASP ASVS • Philippe De Ryck • GOTO 2018

This presentation was recorded at GOTO Berlin 2018. #gotocon #gotober http://gotober.com Philippe De Ryck - Founder of Pragmatic Web Security, Google Developer Expert ABSTRACT Some people are under the misconception that if they follow the OWASP top 10 that they will have secure applications. But in reality the OWASP Top Ten (and other top ten lists) are just the bare minimum for the sake of entry-level awareness. A more comprehensive understanding of Application Security is needed. This talk with review the OWASP Top Ten 2017 and the OWASP Top Ten Proactive Controls 2018 and compare them to a more comprehensive standard: the OWASP Application Security Verification Standard (ASVS) v3.1. OWASP's ASVS contains over 150 requirements that can provide a basis for testing web application technical security controls and also provide developers with a list of requirements for secure development in a fashion with much more nuance and detail than a top ten [...] Download slides and read the full abstract here: https://gotober.com/2018/sessions/518 RECOMMENDED BOOKS Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz Aaron Parecki • The Little Book of OAuth 2.0 RFCs • https://amzn.to/3i7qnlC Erdal Ozkaya • Cybersecurity: The Beginner's Guide • https://amzn.to/2T6OIj3 Richer & Sanso • OAuth 2 in Action • https://amzn.to/3hXiAH6 Wilson & Hingnikar • Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0 • https://amzn.to/2U8iLY2 https://twitter.com/gotober https://www.facebook.com/GOTOConference https://www.linkedin.com/company/goto- http://gotocon.com #OWASP #security #privacy #DeployingSecurity #ASVS Looking for a unique learning experience? Attend the next GOTO Conference near you! Get your ticket at http://gotocon.com SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily. https://www.youtube.com/user/GotoConferences/?sub_confirmation=1