[Owasp-cork] OWASP Top 10 Workshops / Call For Speakers

Darren Fitzpatrick darren.fitzpatrick at owasp.org
Wed May 13 11:02:47 UTC 2015

Hi all,

### OWASP Top 10 Workshops

We will be running a series of workshops based on OWASP's most well known
flagship project, the OWASP Top 10 (2013)
https://www.owasp.org/index.php/Top10 (some info below).
These will consist of a talk on the given area, e.g. injection, broken
authentication / session management, etc., or a combination of two for some
of the smaller topics from the Top 10 followed by practical implementations
of these. Practical elements will cover the following two perspectives so
that you leave with not only an understanding of the issues but also having
had hands-on practice in these areas:
1. Defensive - Seeing vulnerable code / configurations and investigating
how the issues could be rectified
2. Offensive - attacking vulnerable sites

The first of these workshops will take place on Thursday 28th May, 7-9pm in
UCC ... more info to follow later this week on this, but put it in your
calendar ;)

### Call for Speakers

If anyone would like to take on one of these sessions, whether you have a
good understanding of a particular element(s) of the Top 10, or would like
to research and put forward the info that you have gathered on the day,
please let us know by responding to myself and Fiona. We could work with
you to help provide input, provide OWASP based or other external resources
that might help, and help with setup of the practical elements of the
workshop, along with anything else that we could assist with.

Of course if anyone would like to speak on any other security related topic
that broadly or directly relates to some form of application security, the
doors are always open and we would be delighted to set up an evening at
your convenience.

### OWASP Top 10

The OWASP Top Ten provides a powerful awareness document for web
application security. The OWASP Top Ten represents a broad consensus about
what the most critical web application security flaws are. Project members
include a variety of security experts from around the world who have shared
their expertise to produce this list.

We urge all companies to adopt this awareness document within their
organization and start the process of ensuring that their web applications
do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most
effective first step towards changing the software development culture
within your organization into one that produces secure code.

### The OWASP Top 10 - 2013 is as follows:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards

Darren & Fiona (OWASP Cork Team)