
The OWASP Top 10 2017 - Let's Cut to The Chase

What Do You REALLY Need to Know About the New OWASP Top Ten?

The OWASP Top Ten is the de facto web application security standard: it reflects the evolving threat landscape and gives organizations a framework for managing and mitigating application security risk.

This dual-presenter format will examine the critical newcomers and pesky incumbents from both an offensive and defensive perspective. Attend to get our expert insight on how to harden Web applications and align your program towards OWASP compliance.


Topics covered include:

- The newcomers – why they are so tricky and elude traditional test efforts
- XSS and Injection – mistakes organizations keep making that land these preventable threats on every Top Ten list
- Design flaws that cause them and coding errors that expose them
- High impact activities that reduce exploitability, prevalence and impact
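As an added example (not material from the webinar), here are the two coding errors the topic list refers to, each beside its fix: SQL built by string concatenation versus a parameterized query, and raw HTML interpolation versus contextual output encoding. The table, rows and attacker inputs are constructed, and the database is in-memory SQLite so the block runs offline.

```python
"""Injection and XSS: the vulnerable pattern beside the hardened one.

Constructed, self-contained demo; not code from the webinar or its presenters.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Coding error: untrusted input is spliced into the SQL text, so the
    # attacker can change the query's structure, not just its value.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Fix: the SQL structure is fixed; the driver passes the value separately.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_vulnerable(name: str) -> str:
    # Coding error: untrusted data placed into HTML without encoding.
    return f"<p>Hello, {name}!</p>"


def render_greeting_escaped(name: str) -> str:
    # Fix: encode for the HTML body context (quote=True also covers attributes).
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


SQLI_PAYLOAD = "' OR '1'='1"                # constructed attacker input
XSS_PAYLOAD = "<script>alert(1)</script>"   # constructed attacker input

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, SQLI_PAYLOAD))      # every row comes back
    print(lookup_parameterized(db, SQLI_PAYLOAD))   # [] (no user has that name)
    print(render_greeting_vulnerable(XSS_PAYLOAD))  # script tag survives intact
    print(render_greeting_escaped(XSS_PAYLOAD))     # rendered as text, not markup
```

The design flaw behind both bugs is the same: data and code share one channel. Parameterization and output encoding work because they restore the boundary rather than trying to blacklist characters, which is why input filtering alone keeps landing these issues on every Top Ten.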

Meet the Presenters:

Kevin Poniatowski, Sr. Security Instructor & Engineer at Security Innovation, brings an optimal blend of speaking ability, technical savvy, and an insatiable passion for security to Security Innovation's training customers. Kevin entered the application security field in 2007 with Security Innovation, where he has split time between application security course development and delivering instructor-led courses.

Mark Burnett is a security consultant, author, and researcher who specializes in application security, authentication, and hardening Microsoft Windows-based servers and networks. Since 1999 he has worked in numerous areas of IT security, developing unique strategies and techniques for protecting critical assets. Mark is author and coauthor of a number of security books and publishes security articles for several web sites, newsletters, and magazines.
Recorded Feb 7 2018 60 mins
Presented by
Kevin Poniatowski and Mark Burnett

  • Securing Microservices in Today’s Fast, Feature-Driven SDLC Dec 8 2021 6:00 pm UTC 60 mins
    Ed Adams | Security Innovation; Claudia Dent | Everbridge; Trupti Shiralkar | Datadog; Mark Nesline | Imprivata
    Organizations are increasingly relying on microservices to modernize and scale in today’s distributed tech ecosystem. Microservices facilitate continuous delivery and deployment by offering loose coupling through modularity, fault isolation, and resiliency. However, the resulting distributed systems are often complex, with large attack surfaces, making traditional security assessments difficult.

    To maintain consistent security levels, teams need to standardize practices and recalibrate assessment techniques. Come learn how industry experts from product security, engineering, and product management integrate risk-based approaches to their software pipeline to release software more confidently.

    Topics include:

    - Security as a Service: Arming teams with pre-secured libraries, assessment templates, security guidance, and hardened frameworks
    - Rapid Risk Assessments: Evolving beyond monolithic SAST/DAST scans towards rapid component analysis
    - Modern Vulnerability Management: Optimizing classification systems based on component criticality, business impact potential, and mitigating controls
  • Risk-Based Testing for IoT Systems Nov 15 2021 6:00 pm UTC 48 mins
    Ed Adams, CEO of Security Innovation
    IoT Systems provide powerful, flexible features for IT systems — tracking, monitoring, and other data sharing. Today’s IoT devices utilize microservices and APIs that make them easy to put into production. But securing them isn’t as easy.

    This webinar will look at security risks of IoT devices, interfaces, and implementations. We’ll provide practical steps and checklists any DevOps team can use to make their IoT components as secure as possible. We’ll also cover some testing best practices that can be done pre- and post-production to verify security and resilience on an ongoing basis. 

    About the Speaker
    Ed Adams is a software quality and security expert with over 20 years of experience in the field. He served as a member of the Security Innovation Board of Directors since its inception in 2002 and took over as CEO in 2003. Ed is a Research Fellow at The Ponemon Institute, serves on the board of several IT security organizations, and was named a Privacy by Design Ambassador by the Information and Privacy Commissioner of Canada.
  • Security Upskilling Software Teams: Insights from Microsoft, Atlassian & Intuit Recorded: Oct 13 2021 57 mins
    Ed Adams | Security Innovation; Alex DeDonker | Microsoft; Marisa Fagan | Atlassian; Kim Jones | Intuit
    To meet the demand for feature-rich software, companies rely on emerging technologies and rapid release cycles. However, they often lack confidence in their teams to build and deploy it securely. Leaders need a playbook that goes beyond just training developers on secure coding and reflects how teams want to learn.

    Join this Ed TALKS to hear how three professionals have up-leveled skills at Intuit, Microsoft, and Atlassian and gain insight from benchmark data from Security Innovation’s own expansive user base.
  • The Primary Colors of Cybersecurity: Red, Blue and Purple Teams Recorded: Sep 21 2021 59 mins
    Ed Adams, CEO at Security Innovation
    In the military world, Attack (Red) and Defend (Blue) Teams conduct internal "war games" to assess preparedness and resiliency. In the cybersecurity world they work the same way; however, the joining of forces has produced a new color: purple.

    Typically, these colors exist in the domain of the InfoSec team. But what about teams that build and/or operate IT systems? They tend to be color blind: neither Red nor Blue nor Purple. There is tremendous value in teaching build and operate teams attack and defend tactics. Attend this talk to hear 3 experts explain why.
  • Are IoT & BYOD dead? Why today we live with the Enterprise of Things Recorded: Sep 14 2021 60 mins
    Ed Adams|Security Innovation; Larry Whiteside Jr|CyberClan; Vandana Padmanabhan|stealth mode startup; Anil Mahale|Forescout
    The enterprise of things (EoT) encompasses all the "things" that get pulled into an enterprise's infrastructure. Not just IoT but also operational technology, office endpoints, WFH devices, and more. The 2020 rush to work-from-home, the proliferation of 5G, and an increased dependency on personal devices are burdening IT with a more diverse attack surface and devices that don't conform to corporate standards.

    Leaders need to adjust their cyber-risk-mitigation playbooks. Come listen to three industry experts discuss this hostile ecosystem and the defenses they've put in place to adapt.

    Topics include:
    - Securing the software that runs the Enterprise of Things
    - Managing risk in corporate networks where IP is no longer isolated
    - Evolving techniques in attack surface management and threat modeling
    - Practical tips for minimizing IoT data leaks and adopting zero trust
    - Managing device decay and non-standard configurations
  • Defending Against Live MITRE ATT&CKs Recorded: Aug 17 2021 36 mins
    Kevin Poniatowski, Principal Security Instructor at Security Innovation
    Using a real-world banking web site to demonstrate MITRE ATT&CK techniques, see firsthand how attackers exploit the OWASP Top Ten and other vulnerabilities to break into applications and systems, and learn defensive techniques that can help to stop them.
  • Steal the Attackers Playbook with Purple Teams Recorded: Jul 28 2021 49 mins
    Ed Adams, Security Innovation | Trupti Shiralkar, Illumio | Bill Titus, Skillsoft | Bryson Bort, SCYTHE
    Historical approaches to IT security have been driven by primary colors – red teams attack, blue teams defend. This leaves technical teams color blind as to how hackers exploit the very software they are tasked with building and protecting.

    Purple Teaming is a collaborative approach organizations use to improve their security posture during the attack exercise to capture immediate value and foster a real-world defensive approach. This strengthens a team’s understanding of abuse cases so they can employ effective controls from requirements through deployment.

    Attend this talk to learn how to embed an exploit mentality into technical teams, which results in a reduced attack surface, fewer security vulnerabilities, and accelerated feature release.
  • Creating an Effective Application Privacy Policy Recorded: Jun 7 2021 61 mins
    Kevin Poniatowski, Sr. Security Engineer and Trainer
    From executives to software developers and database administrators, each role plays an important part in protecting privacy data. But what does an effective privacy program look like for the teams that build and operate the software applications that power your enterprise?

    This webcast will describe how to build powerful policies that can be easily understood and implemented in today’s continuous delivery and DevOps approaches.

    Topics include:

    - Privacy Concerns for Software Applications
    - Threats, Regulations, and Laws
    - Guidelines for Building Privacy Policy
    - Privacy Engineering Principles
    - Data Collection, Retention, and Consent

    This Webcast is ideal for policy makers, program leads, compliance managers, and privacy officers. Development and IT Operations teams will also gain valuable insight into how to protect data throughout the entire application lifecycle.
  • Protect Sensitive Data (and be PCI Compliant, too!) Recorded: May 23 2021 59 mins
    Kevin Poniatowski, Principal Security Instructor
    Sensitive data is vulnerable when it is stored insecurely or transmitted over open networks. The PCI Security Standards Council takes a hard line on protecting cardholder data and describes specific methods to comply with its standards.

    Attend this webinar to better understand methods that make data theft more difficult for attackers and render stolen data unusable.

    Topics covered:

    • Properly protecting stored cardholder data - encryption, hashing, masking and truncation

    • Securing data during transmission - using strong cipher suites, valid certificates, and strong TLS security

    • How to identify and mitigate missing encryption
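    An added example (not the presenter's code) of the stored-data controls listed above: a Luhn check to tell a PAN from any other digit run, truncation to the first six and last four digits, masking for display, a keyed hash (HMAC-SHA256) for lookups, and a small scanner that flags PANs appearing unprotected in a log line, which is one practical way to spot missing encryption. The PAN, key and log line are constructed test values.

```python
"""Cardholder data controls: Luhn check, truncation, masking, keyed hash, leak scan.

Constructed example, not code from the webinar. The key and PAN are test values.
"""
import hashlib
import hmac
import re

PAN_RE = re.compile(r"^\d{13,19}$")
DIGIT_RUN_RE = re.compile(r"\d{13,19}")

# Constructed sample values; 4111 1111 1111 1111 is a well-known test card number.
TEST_PAN = "4111111111111111"
TEST_KEY = b"hmac-key-stored-outside-the-database"
SAMPLE_LOG = "2021-05-21T10:02:11Z INFO checkout pan=4111111111111111 amount=12.00"


def luhn_valid(pan: str) -> bool:
    """Luhn checksum: rejects junk before any digit run is treated as a PAN."""
    if not PAN_RE.match(pan):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan: str) -> str:
    """Truncation: keep at most the first six and last four; the middle is discarded."""
    return pan[:6] + pan[-4:]


def mask_pan(pan: str) -> str:
    """Masking for display: only the last four digits are shown."""
    return "*" * (len(pan) - 4) + pan[-4:]


def hash_pan(pan: str, key: bytes) -> str:
    """Keyed hash for lookups. A bare SHA-256 is not enough: given the BIN,
    the Luhn-valid PAN space is small enough to brute-force, so the secret key
    is what makes the hash one-way in practice."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def find_pans(text: str) -> list:
    """Flag unprotected PANs in logs or responses: digit runs that pass Luhn."""
    return [m.group(0) for m in DIGIT_RUN_RE.finditer(text) if luhn_valid(m.group(0))]


if __name__ == "__main__":
    print(truncate_pan(TEST_PAN))            # 4111111111
    print(mask_pan(TEST_PAN))                # ************1111
    print(hash_pan(TEST_PAN, TEST_KEY)[:16])  # first bytes of the HMAC
    print(find_pans(SAMPLE_LOG))             # ['4111111111111111']
```

    Two caveats a practitioner would want: keep the HMAC key outside the data store that holds the hashes, and do not store a truncated copy and a hashed copy of the same PAN where the two can be correlated, since together they narrow the search for the full number. Truncation is the only control here that cannot be undone by anyone, which is why it is preferred wherever the full PAN is not needed.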
  • Connected Cars: What Could Possibly Go Wrong? Recorded: May 16 2021 55 mins
    Dr. Larry Ponemon of the Ponemon Institute and Ed Adams of Security Innovation
    Millions of cars with tens of millions of lines of code are already talking to servers and to each other. According to Ponemon Institute research, 63% of manufacturers test less than half of the technologies in your car for vulnerabilities, and only 33% train developers on secure coding methods.

    However, there is a new IT system going into cars that was built with security and privacy by design. This “Talking Cars” safety of life program, which is estimated to save 10,000 lives per year, is one of the few automotive technologies that is secure and private for drivers.

    This webinar discusses the trade-off between safety, privacy, and convenience. It will also examine the 10-year Privacy by Design system used in “Talking Cars” and how other technology projects can benefit from similar due diligence.

    Topics:
    • Connected cars – threats and attack surface
    • Review of the most current research on automotive IT security and privacy
    • Blueprint for excellence: Security & Privacy in the “Talking Cars” program

    Though basic knowledge of cybersecurity and privacy is helpful, this webinar is for anyone who wants to better understand connected car technology and how to design resilient IT systems. The speakers, Dr. Larry Ponemon and Ed Adams, are experts in their field and deliver this information-rich webinar.
Securing software in the connected world
In today's connected world, software runs everything: from smartphones to banking applications, cars to home security systems, even refrigerators, garage doors and other everyday devices are "connected." Software is everywhere, and unfortunately it provides the largest attack surface for hackers. We are a cybersecurity company leveraging our deep knowledge of software security to create relevant products and services.

  • Title: The OWASP Top 10 2017 - Let's Cut to The Chase
  • Live at: Feb 7 2018 7:00 pm
  • Presented by: Kevin Poniatowski and Mark Burnett