Authors: Tal Melamed
2023-02-16

tldr - powered by Generative AI

Best practices for securing serverless functions
  • Serverless functions have dependencies that can introduce vulnerabilities
  • Cloud providers offer some security measures but it's important to scan for vulnerabilities in your own code and dependencies
  • Logging and monitoring are important but require automation to be effective
  • Permissions and authentication are crucial for securing serverless functions
  • Stateless nature of serverless functions makes authentication challenging
Authors: Simon Bennetts, semgrep.dev
2022-11-18

Is OWASP Still Relevant? Do people want to go to conferences and chapter meetings in the aftermath of COVID? Do we need 260+ projects? Does anyone get past the titles of the Top 10? In this talk Simon will explain why he thinks OWASP is still very relevant and a much needed force for good. But this will be interactive and you will get a chance to have your say!
Authors: Florian Stahl
2021-09-24

tldr - powered by Generative AI

The speaker presents the top 10 risks to web application security and privacy, and discusses the challenges faced in creating version 2.0 of the list.
  • The speaker presents the top 10 risks to web application security and privacy, including injection, broken authentication and session management, cross-site scripting, and security misconfiguration.
  • Insufficient data quality is also a privacy concern, as incorrect data can lead to issues such as incorrect credit ratings or package delivery.
  • Missing or insufficient session expiration is a commonly overlooked risk that can allow providers to collect data from devices without user knowledge.
  • Creating version 2.0 of the list was challenging due to finding volunteers, deciding on which risks to include, and determining the appropriate level of abstraction.
  • Translations and countermeasures for version 2.0 are still being worked on, and the speaker encourages spreading awareness and implementing the list in practice.