Difference between revisions of "OWASP Top 10 2010 AppSecDC"

From OWASP
Jump to: navigation, search
(The speaker)
Line 1: Line 1:
== The presentation ==
+
== The Presentation ==
  
 
[[Image:Owasp_logo_normal.jpg|right]]
 
[[Image:Owasp_logo_normal.jpg|right]]
OWASP Top 10 Update
+
This presentation will cover the next update to the [[OWASP Top 10]] that is currently under development. The OWASP Top 10 was originally released in 2003 to raise awareness of the importance of application security. As the field evolves, the Top 10 needs to be periodically updated to keep with up with the times. The Top 10 was updated in 2004 and the last update was in 2007, where it introduced Cross Site Request Forgery (CSRF) as the big new emerging web application security risk.
  
== The speaker ==
+
This update will be based on more sources of web application vulnerability information than the previous versions were when determining the new Top 10. It will also present this information in a more concise, compelling, and consumable manner, and include strong references to the many new openly available resources that can help address each issue, particularly OWASP's new [[ESAPI|Enterprise Security API (ESAPI)]] and [[ASVS|Application Security Verification Standard (ASVS)]] projects.
Dave Wichers is the Chief Operating Officer (COO) of Aspect Security (www.aspectsecurity.com), a company that specializes in application security services. Mr. Wichers brings over seventeen years of experience in the information security field.  Prior to Aspect, he ran the Application Security Services Group at a large data center company, Exodus Communications.
+
  
His current work involves helping customers, from small e-commerce sites to Fortune 500 corporations and the U.S. Government, secure their applications by providing application security design, architecture, and SDLC support services: including code review, application penetration testing, security policy development, security consulting services, and developer training.
+
== The Speaker ==
 +
[[User:Wichers|Dave Wichers]] is a member of the OWASP Board, the OWASP Conferences Chair, and a coauthor, along with [[User:Jeff Williams|Jeff Williams]], of all previous versions of the OWASP Top Ten.  
  
Dave holds a BSE in Computer Systems Engineering from Arizona State University and a Masters degree in Computer Science from the University of California at Davis. Dave is a CISSP and a CISM, is currently the OWASP Conferences Chair (www.owasp.org), and is a coauthor of the OWASP Top Ten.  
+
Dave is also the Chief Operating Officer (COO) of Aspect Security ([http://www.aspectsecurity.com www.aspectsecurity.com]), a company that specializes in application security services. Mr. Wichers brings over twenty years of experience in the information security field. Prior to cofounding Aspect, he ran the Application Security Services Group at a large data center company, Exodus Communications.
 +
 
 +
His current work involves helping customers, from small e-commerce sites to Fortune 500 corporations and the U.S. Government, secure their applications by providing application security design, architecture, and SDLC support services: including code review, application penetration testing, security policy development, security consulting services, and developer training.
  
 
[[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]
 
[[Category:OWASP_AppSec_DC_09]][[Category:OWASP_Conference_Presentations]]

Revision as of 21:48, 2 September 2009

The Presentation

Owasp logo normal.jpg

This presentation will cover the next update to the OWASP Top 10 that is currently under development. The OWASP Top 10 was originally released in 2003 to raise awareness of the importance of application security. As the field evolves, the Top 10 needs to be periodically updated to keep with up with the times. The Top 10 was updated in 2004 and the last update was in 2007, where it introduced Cross Site Request Forgery (CSRF) as the big new emerging web application security risk.

This update will be based on more sources of web application vulnerability information than the previous versions were when determining the new Top 10. It will also present this information in a more concise, compelling, and consumable manner, and include strong references to the many new openly available resources that can help address each issue, particularly OWASP's new Enterprise Security API (ESAPI) and Application Security Verification Standard (ASVS) projects.

The Speaker

Dave Wichers is a member of the OWASP Board, the OWASP Conferences Chair, and a coauthor, along with Jeff Williams, of all previous versions of the OWASP Top Ten.

Dave is also the Chief Operating Officer (COO) of Aspect Security (www.aspectsecurity.com), a company that specializes in application security services. Mr. Wichers brings over twenty years of experience in the information security field. Prior to cofounding Aspect, he ran the Application Security Services Group at a large data center company, Exodus Communications.

His current work involves helping customers, from small e-commerce sites to Fortune 500 corporations and the U.S. Government, secure their applications by providing application security design, architecture, and SDLC support services: including code review, application penetration testing, security policy development, security consulting services, and developer training.