HAMILTON, N.J., June 10, 2020 /PRNewswire-PRWeb/ -- The OWASP Top 10 is probably the world's most widely referenced web application security guidance. But is it the guidance your business should be using? Who and what is the OWASP Top 10 actually intended for? What other options are there? The latest episode of The Virtual CISO Podcast from Pivot Point Security goes straight to the source at OWASP to uncover why you should probably rethink the OWASP Top 10.
The Open Web Application Security Project's (OWASP) Top 10 Web Application Security Risks has long been—in OWASPs' own words—"a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
But are teams using the OWASP Top 10 as its creators intend? Is it really the "gold standard" for verifying that a web application is secure? Or is it intended to be just a starting point? After all, it tells us more about what not to do than about how to build or test secure web applications.
To clarify OWASP's intended guidance and use cases for application developers, testers and security teams, Pivot Point Security's CISO and Managing Partner, John Verry, speaks with Andrew van der Stock, Senior Application Security Leader at OWASP and a primary contributor to the OWASP Top 10, in the latest episode of The Virtual CISO Podcast.
Andrew and John's conversation will give business and technology leaders as well as developers and security practitioners a very clear understanding of how best to use the OWASP Top 10, including:
- Why the OWASP Top 10 was created and its intended purpose
- When to move from the OWASP Top 10 to the OWASP Application Security Verification Standard (ASVS)
- The application security "language" and terminology reference points that executives need to stay on the same page with technologists when discussing AppSec guidance
If your team uses the OWASP Top 10 today, or is looking for ways to improve web application security, this podcast will give you definitive, expert advice to steer you in the right direction.
To access this episode and many more in Pivot Point Security's Virtual CISO podcast series anytime, visit this page: https://www.pivotpointsecurity.com/podcasts/the-virtual-ciso-podcast-andrew-van-der-stock-the-owasp-top-ten-is-great-but-is-it-enough/.
About Pivot Point Security
Since 2001, Pivot Point Security has been helping organizations understand and effectively manage their information security risk. We work as a logical extension of your team to simplify the complexities of security and compliance. We're where to turn—when InfoSec gets challenging.
SOURCE Pivot Point Security
Share this article