OWASP Top 10 2010 AppSecDC - Revision history

Wichers at 00:08, 14 November 2009

2009-11-14T00:08:10Z

Wichers: /* The Presentation */

2009-10-18T17:16:00Z

‎The Presentation

Wichers: moved OWASP Top 10 2009 AppSecDC to OWASP Top 10 2010 AppSecDC: It will actually be the 2010 release, not the 2009 release.

2009-10-18T17:11:35Z

moved OWASP Top 10 2009 AppSecDC to OWASP Top 10 2010 AppSecDC: It will actually be the 2010 release, not the 2009 release.

Wichers: /* The Presentation */

2009-10-02T18:07:57Z

‎The Presentation

Wichers at 02:48, 3 September 2009

2009-09-03T02:48:45Z

Mark.bristow: /* The speaker */

2009-08-04T19:11:39Z

‎The speaker

Mark.bristow: Created page with '== The presentation == right OWASP Top 10 Update == The speaker == Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect S…'

2009-08-04T14:38:15Z

Created page with '== The presentation == right OWASP Top 10 Update == The speaker == Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect S…'

New page

== The presentation ==

[[Image:Owasp_logo_normal.jpg|right]]
OWASP Top 10 Update

== The speaker ==
Dave Wichers is a cofounder and the Chief Operating Officer (COO) of Aspect Security, a company that specializes in application security services. For OWASP, he is the volunteer OWASP Conferences Chair, a volunteer member of the OWASP Board, a coauthor of the OWASP Top 10 and the OWASP Application Security Verification Standard, and a contributor to the OWASP Enterprise Security API (ESAPI) project.

Dave has over 20 years of experience in the information security field, and has focused exclusively on application security for the past 10 years. At Aspect, in addition to his COO duties, he is Aspect's application security courseware lead, one of their chief instructors, and provides a wide variety of application security consulting services to Aspect's clients. Prior to starting Aspect, he ran the Application Security Services Group at Exodus Communications. Dave has a Bachelors and Masters degree in Computer Science, is a CISSP, and a CISM.

[[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]

← Older revision		Revision as of 00:08, 14 November 2009
Line 7:		Line 7:

	A significant change for this update will be that the OWASP Top 10 will be focused on the Top 10 '''Risks''' to Web Applications, not just the most common vulnerabilities. At the conference will be the debut of the release candidate of the new Top 10, which will open up a 60 day comment period. After that time, a final version will be produced and released in early 2010.		A significant change for this update will be that the OWASP Top 10 will be focused on the Top 10 '''Risks''' to Web Applications, not just the most common vulnerabilities. At the conference will be the debut of the release candidate of the new Top 10, which will open up a 60 day comment period. After that time, a final version will be produced and released in early 2010.
		+
		+	== Follow Up ==
		+
		+	The release candidate for the OWASP Top Ten for 2010 has been officially released at the OWASP AppSec DC Conference today (Nov 13, 2009). This document is now up for open comment until Dec 31, 2009. We will then update the document and release a final version in early 2010, hopefully January. Please send all comments to: dave.wichers@owasp.org.
		+
		+	The conference presentation which describes the changes, and goes through each item in the new Top 10 can be downloaded here: ([http://www.owasp.org/images/a/a1/AppSec_DC_2009_-_OWASP_Top_10_-_2010_rc1.pptx OWASP Top 10 - 2010 rc1 Presentation]).
		+
		+	[http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf Click here to download the OWASP Top 10 - 2010 rc1] itself.

	== The Speaker ==		== The Speaker ==

@@ Line 2: / Line 2: @@
 [[Image:Owasp_logo_normal.jpg|right]]
-This presentation will cover the next update to the [[OWASP Top 10]] that is currently under development. The OWASP Top 10 was originally released in 2003 to raise awareness of the importance of application security. As the field evolves, the Top 10 needs to be periodically updated to keep with up with the times. The Top 10 was updated in 2004 and the last update was in 2007, where it introduced Cross Site Request Forgery (CSRF) as the big new emerging web application security risk.
+This presentation will cover the [[OWASP Top 10]] - 2010 Release Candidate that is being released at the OWASP DC Conference. The OWASP Top 10 was originally released in 2003 to raise awareness of the importance of application security. As the field evolves, the Top 10 needs to be periodically updated to keep with up with the times. The Top 10 was updated in 2004 and the last update was in 2007, where it introduced Cross Site Request Forgery (CSRF) as the big new emerging web application security risk.
 This update will be based on more sources of web application vulnerability information than the previous versions were when determining the new Top 10. It will also present this information in a more concise, compelling, and consumable manner, and include strong references to the many new openly available resources that can help address each issue, particularly OWASP's new [[ESAPI|Enterprise Security API (ESAPI)]] and [[ASVS|Application Security Verification Standard (ASVS)]] projects.
-A significant change for this update will be that the OWASP Top 10 will be focused on the Top 10 '''Risks''' to Web Applications, not just the most common vulnerabilities. At the conference will be the debut of a release candidate of the new Top 10, which will open up a 60 day comment period. After that time, a final version will be produced and released in early 2010.
+A significant change for this update will be that the OWASP Top 10 will be focused on the Top 10 '''Risks''' to Web Applications, not just the most common vulnerabilities. At the conference will be the debut of the release candidate of the new Top 10, which will open up a 60 day comment period. After that time, a final version will be produced and released in early 2010.
 == The Speaker ==

← Older revision		Revision as of 18:07, 2 October 2009
Line 5:		Line 5:

	This update will be based on more sources of web application vulnerability information than the previous versions were when determining the new Top 10. It will also present this information in a more concise, compelling, and consumable manner, and include strong references to the many new openly available resources that can help address each issue, particularly OWASP's new [[ESAPI\|Enterprise Security API (ESAPI)]] and [[ASVS\|Application Security Verification Standard (ASVS)]] projects.		This update will be based on more sources of web application vulnerability information than the previous versions were when determining the new Top 10. It will also present this information in a more concise, compelling, and consumable manner, and include strong references to the many new openly available resources that can help address each issue, particularly OWASP's new [[ESAPI\|Enterprise Security API (ESAPI)]] and [[ASVS\|Application Security Verification Standard (ASVS)]] projects.
		+
		+	A significant change for this update will be that the OWASP Top 10 will be focused on the Top 10 '''Risks''' to Web Applications, not just the most common vulnerabilities. At the conference will be the debut of a release candidate of the new Top 10, which will open up a 60 day comment period. After that time, a final version will be produced and released in early 2010.

	== The Speaker ==		== The Speaker ==

@@ Line 1: / Line 1: @@
-== The presentation ==
+== The Presentation ==
 [[Image:Owasp_logo_normal.jpg|right]]
-OWASP Top 10 Update
+This presentation will cover the next update to the [[OWASP Top 10]] that is currently under development. The OWASP Top 10 was originally released in 2003 to raise awareness of the importance of application security. As the field evolves, the Top 10 needs to be periodically updated to keep with up with the times. The Top 10 was updated in 2004 and the last update was in 2007, where it introduced Cross Site Request Forgery (CSRF) as the big new emerging web application security risk.
-== The speaker ==
+This update will be based on more sources of web application vulnerability information than the previous versions were when determining the new Top 10. It will also present this information in a more concise, compelling, and consumable manner, and include strong references to the many new openly available resources that can help address each issue, particularly OWASP's new [[ESAPI|Enterprise Security API (ESAPI)]] and [[ASVS|Application Security Verification Standard (ASVS)]] projects.
-Dave Wichers is the Chief Operating Officer (COO) of Aspect Security (www.aspectsecurity.com), a company that specializes in application security services. Mr. Wichers brings over seventeen years of experience in the information security field.  Prior to Aspect, he ran the Application Security Services Group at a large data center company, Exodus Communications.
 His current work involves helping customers, from small e-commerce sites to Fortune 500 corporations and the U.S. Government, secure their applications by providing application security design, architecture, and SDLC support services: including code review, application penetration testing, security policy development, security consulting services, and developer training.
 [[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]

← Older revision	Revision as of 17:11, 18 October 2009
(No difference)