Introducing the OWASP Top 10


Comments are closed.

Coni Gehler at 13:50 on 5 Mar 2016

I was already familiar with the OWASP Top 10, but this talk really made it so much clearer, with the understandable explanations and real-world examples. Entertaining, too. Thank you!

Woody Gilk at 13:50 on 5 Mar 2016

Excellent topic and really good delivery. We all need to be reminded about basic security concerns when dealing with web apps. I would have enjoyed a few more code samples that highlight the best practices that were mentioned.

Bob Lindner at 13:51 on 5 Mar 2016

Great high-energy speaker with fun examples. Highly recommended. This talk peels back some layers of abstractions the frameworks give you (filtering, escaping) and reminds you of everything you should be thinking about!

Tim Lindner at 13:51 on 5 Mar 2016

Good refresher on simple things we can do to be more secure! Great speaker and talk.

Riley Major at 13:58 on 5 Mar 2016

Well-delivered overview of important security concepts. The visualizations were entertaining and helpful, driving home the real-world effects of the vulnerabilities. They underscore the point that it's not just about throwing up an alert box and giggling.

Could have used a little more explanation about using CSRF tokens.

Also, I was shocked I didn't see reference to the iconic Bobby Tables.

Thanks for putting together this presentation.

Steve Meyers at 00:49 on 6 Mar 2016

Good explanations and examples, and presented in an enjoyable way.

Great talk highlighting the top security vulnerabilities in web applications and what can be done to avoid them. I like that you highlighted the general mantra to always filter input and escape output. Speaker had a lot of energy and a good sense of humor to add excitement to what can otherwise be a very dry topic.

As a suggestion, include that any point where data leaves from or arrives to the application can be considered input and output. For example, data going into a database query can be considered output and should be escaped. Data from a API response can be considered input and should be filtered.

I wasn't aware of the OWASP top 10 before this presentation. I thought it was a solid, well-articulated presentation.