Beyond OWASP Top 10

Presented at NolaCon 2017, May 21, 2017, 11 a.m. (Unknown duration)

We've all heard of the OWASP Top 10- it is the standard first reference we give web developers who are interested in making their applications more secure. It is also the categorization scheme we give to web vulnerabilities on our pentest reports. But surely there is more to web application security than the OWASP Top 10, right? In this talk, we will discuss 5 vulnerabilities that don't quite fit into the OWASP Top 10 categories, but are just as dangerous if present in a web application. Both developers and pentesters will benefit from this talk, as both exploits and mitigations will be covered for each of the 5 vulnerabilities.

Presenters:

• Aaron Hnatiw
  Aaron Hnatiw is a Senior Security Researcher for Security Compass, an information security advisory firm specializing in application security. Prior to working at Security Compass, Aaron was a professor of Application Security at Georgian College, as well as the founder of Inspectral Security, a security consulting company specializing in red team assessments and vulnerability assessments. Aaron’s background has covered most areas of information technology- he has worked as a security consultant, system administrator, web and desktop application developer, and network security engineer. His current role involves researching information security issues across industries, and developing innovative solutions to these problems. Twitter: @insp3ctre

Links:

• https://nolacon.com/talk/beyond-owasp-top-10
• https://infocon.org/cons/NolaCon/NolaCon 2017/Beyond OWASP Top 10 Aaron Hnatiw.mp4
• https://infocon.org/cons/NolaCon/NolaCon 2017/Beyond OWASP Top 10 Aaron Hnatiw.srt (subtitles)

Similar Presentations:

• CarolinaCon Online 2021 Virtual / Crash Course on Web Application Penetration Testing - Thinking Outside the OWASP 10
• Texas Cyber Summit 2019 / BT-2021 OWASP API Security Top 10
• AppSec USA 2013 / The 2013 OWASP Top 10