Talk in English - UK at PHPSW: Security, April 2017
Short URL: https://joind.in/talk/49e34
Cyber attacks are a real and growing threat to businesses, and an increasing number of attacks take place at the application layer. The best defence is to develop applications where security controls are incorporated as part of the software development cycle and used by developers while writing their code.
OWASP Top 10 Proactive Controls considers security as part of development.
This talk will present the proactive security controls that can be incorporated into the development cycle and used while writing the software. By the end of this presentation you will have a better understanding of the recommended security controls that you can incorporate into your software projects. For each control, you will learn which OWASP Top 10 Risks it can prevent.
Comments
A good intro to the differences between OWASP Top 10 Security Risks (the classic well known list), vs the Top 10 Proactive Controls (which is a better list for developers to review).
I didn't know the Proactive Controls list existed, and agree that this is much better for developers to read and understand - e.g. Parameterise Queries (C2) is a known thing you can do and read up on, whereas Injection (A1) is a general concept that covers many things (parameterised queries being a good solution for the SQL injection problem, but does not cover Command Injection).
The only change I'd make (very minor) is that I might remove one of the slides which shows the simple website path, it was shown a few times, which might be good for some people (who learn better with repetition), but with a short talk, I don't think it was necessary (for me).
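The contrast drawn in the comment above, between C2 (Parameterise Queries) as a concrete fix for SQL injection and A1 (Injection) as a broader risk that also covers command injection, can be shown in a few lines of PHP. The following is an added example written for this page; it is not code from the talk or from OWASP. It assumes PDO with an in-memory SQLite database and constructed sample rows, and the command-execution helper `listReportDir()` and its base path `/var/reports/` are hypothetical.

```php
<?php
// Added example (not from the talk). PDO over an in-memory SQLite database with
// constructed sample data, so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Vulnerable (A1 Injection): string concatenation lets the input change the
// structure of the query rather than just supplying a value.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT username, role FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Proactive Control C2 (Parameterise Queries): the value is bound to a placeholder,
// so the database never parses it as SQL.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username, role FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: a string that becomes a valid WHERE clause when concatenated.
$input = "' OR '1'='1";

// The unsafe query returns every user because the input rewrote the WHERE clause;
// the parameterised query looks for a user whose name is literally that string and finds none.
echo count(findUserUnsafe($pdo, $input)) . " row(s) from the concatenated query\n";
echo count(findUserSafe($pdo, $input)) . " row(s) from the parameterised query\n";

// C2 does not cover OS command injection: a shell is a different sink and needs
// a different control. Hypothetical helper that lists a report directory under
// a fixed base path (the path is an assumption for this example).
function listReportDir(string $name): string
{
    // Allowlist validation: only a plain directory name is accepted, so shell
    // metacharacters and path separators are rejected before any command is built.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $name)) {
        throw new InvalidArgumentException('invalid report directory name');
    }
    // escapeshellarg() quotes the argument so the shell sees one literal token.
    $cmd = 'ls -1 ' . escapeshellarg('/var/reports/' . $name);
    return (string) shell_exec($cmd);
}

try {
    // Constructed input containing a command separator; it never reaches the shell.
    listReportDir('2017-04; id');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The two halves map onto the comment's point: `findUserSafe()` is the whole of C2 applied to one query, while `listReportDir()` shows that the same A1 risk at a different sink (the shell) is addressed by input validation (C5) and proper argument quoting, not by prepared statements.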