Authors: Brian Glas
2021-09-24

tldr - powered by Generative AI

The presentation discusses the process of creating the OWASP Top 10 2021 and the core principles that guided the selection of the top 10 risk categories.
  • The OWASP Top 10 is a baseline for software security and not a ceiling.
  • Data is important but has limitations as it reflects the past and not necessarily the present.
  • Stability is crucial in the selection of the top 10 risk categories to provide foundational stability for others to build on.
  • The goal is to raise the minimum bar and improve security across the industry and community.
  • Driving the right behavior is important to improve software security across the industry.
  • Root cause analysis is important in identifying and addressing software security issues.
  • The OWASP Top 10 2021 was created through a process of data collection, survey, data analysis, categorization, drafts, reviews, and the released product.

Authors: Malcolm Heath, Raymond Pompon
2021-09-24

tldr - powered by Generative AI

The presentation discusses the analysis of 8.5 million web honeypot events collected over 52 months to identify specific CVEs being targeted in large global attack campaigns and to understand attacker tactics and trends. The data-driven defense approach is emphasized.
  • Partnership with Deflexio to collect data from web sensors in hundreds of honeypots worldwide
  • 8.5 million events analyzed using Python, Pandas, NumPy, Jupyter Notebooks, and Elasticsearch
  • Identification of specific CVEs targeted in global attack campaigns and understanding of attacker tactics and trends
  • Data-driven defense approach emphasized