The Open Web Application Security Project (OWASP) is most famously known for its list of the top ten security risks for websites. After a long wait, the 2017 edition of the list has been released. We'll have a look at all entries on that list, what's new, what has changed, and what security risks a modern web application will face. And since this is a PHP conference, we'll look how we can mitigate those risks with our favorite programming language.


Comments are closed.

Subject kept kind of light but nevertheless professional and interesting

mike parrish at 09:30 on 25 Oct 2017

Very well done presentation. Not only presented the concepts, but also how to quickly mitigate the risks.

Marc Snijman at 12:00 on 25 Oct 2017

Enjoyed the insight and especially the code examples of how the attack works and how to counter it.

Very good. He not only went through the list but gave helpful background info and also shared opinions with reasons about where he disagreed with certain aspects of the list. Got several takeaways to improve the security of our sites.

matthew hill at 07:12 on 26 Oct 2017

great presentation on the list, the thought behind why, and what got left out. only criticism i can offer is #9 was a bit rushed.

Julian at 16:55 on 26 Oct 2017

Great talk and excellent speaker.

Elli at 10:53 on 27 Oct 2017

I loved this talk! Christian was very funny and engaging.

Christian did a great job covering the soon to be released OWASP top ten for 2017. I enjoyed hearing his thoughts on what items should be ranked differently. Presented well and made great points.