
The Abridged History of OWASP and Application Security

2022-11-18

Authors: Jim Manico, semgrep.dev


Summary

The presentation discusses the history and progress of information security testing and the role of OWASP in promoting application security.
  • The history of security testing dates back to the Polish cryptologists who built the first security testing tool to crack Enigma during World War II.
  • The first security testing device in modern history is the bomba (the Polish bomba kryptologiczna).
  • The OWASP foundation is a non-profit international foundation dedicated to helping people and organizations make informed decisions about application security risk.
  • OWASP has released several free guides and tools to promote application security, including the OWASP Top 10 and the Application Security Verification Standard.
  • Cross-site scripting is a complicated vulnerability category that requires attention in application security.
The presenter shares a playful exchange with the well-known password-cracking researcher Jeremi Gosney about the best password cracking methods.

Abstract

Application Security began in the early '60s, when plaintext password storage, poor password policies, poor access control, weak or non-existent cryptography, and other massive security problems were the norm. This talk reviews the history of application security and OWASP to illustrate how much application security has improved, and how the rate of positive change has accelerated over the past 60 years. This fun ride through the history of application security is meant to inspire those who work in this very stressful security industry. Security professionals spend much of their time looking closely at failure and insecurity, which can be exhausting on many levels. But when we look at our industry historically, we can all see how genuinely things are improving.

Materials: