Tuesday, January 27 • 1:45pm - 2:45pm
OWASP Top Ten Proactive Controls

The major cause of web insecurity is poor development practices. We cannot “firewall” or “patch” our way to secure websites. Programmers need to learn to build websites differently. No company or industry is immune.
The OWASP Top Ten Proactive Controls Project is a Top-Ten-style document that focuses directly on informing developers of the secure coding techniques they need. This talk describes the bare minimum required of a development team if it wishes to have even a small chance of producing secure software.

Validation
- Whitelist validation (and where it struggles with internationalization)
- URL validation (as part of redirect features)
- HTML Validation (as part of untrusted content from features like TinyMCE)
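An added example for the first two validation points (not code from the talk or the OWASP project): a Unicode-aware allowlist for a name field beside the ASCII pattern that breaks on internationalized input, and an allowlist check for a post-login redirect target. The hostname set, the field length limit and the rule that only https targets are accepted are assumptions of this example.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# --- Allowlist validation and internationalization ---------------------------

# The usual "safe" ASCII pattern: it rejects every non-ASCII letter, so a
# Spanish, Czech or Russian name cannot be entered at all.
ASCII_NAME = re.compile(r"[A-Za-z' -]{1,64}")

def ascii_name_is_valid(value: str) -> bool:
    return ASCII_NAME.fullmatch(value) is not None

def name_is_valid(value: str, max_len: int = 64) -> bool:
    """Allowlist by Unicode category instead of by ASCII range.

    Letters (L*) and combining marks (M*) from any script are accepted, plus
    space, apostrophe and hyphen. Digits, punctuation and control/format
    characters (C*), such as the right-to-left override U+202E, are rejected.
    """
    value = unicodedata.normalize("NFC", value)     # fold 'e' + U+0301 into 'é'
    if not 1 <= len(value) <= max_len:
        return False
    return all(unicodedata.category(c)[0] in "LM" or c in " '-" for c in value)

# --- URL validation for a redirect feature -----------------------------------

ALLOWED_REDIRECT_HOSTS = {"app.example.com"}        # assumed: this site's own hosts

def is_safe_redirect(target: str, allowed_hosts=ALLOWED_REDIRECT_HOSTS) -> bool:
    """Allowlist check for a 'next'/'returnTo' parameter before issuing a 302."""
    if not target or len(target) > 2048:
        return False
    # Browsers strip whitespace and control characters and treat backslash as
    # slash; the parser below does not, so refuse them rather than reason about them.
    if any(ord(c) < 33 or ord(c) == 127 or c == "\\" for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: only an absolute path on this site ("/account"),
        # never "//evil.example" (which urlsplit reports with a netloc).
        return target.startswith("/")
    if parts.scheme != "https":                      # rejects javascript:, data:, http:
        return False
    if parts.username is not None or parts.password is not None:
        return False                                 # "https://app.example.com@evil.example"
    return parts.hostname in allowed_hosts           # hostname is lowercased, port stripped
```

The redirect check deliberately refuses anything it cannot classify; for a redirect feature the cost of a false negative is a user landing on the home page, while a false positive is a phishing site behind a trusted domain.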

Authentication
- Password storage, HMACs for scale
- Multi-factor AuthN implementation details
- OAuth
- Forgot password workflow
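An added example for the password storage and forgot-password points (not code from the talk or the OWASP project): a salted PBKDF2 hash whose output is then keyed with an HMAC "pepper" held outside the database, a constant-time verifier, and a reset token of which only the hash is stored. The iteration count, the record format and the name of the pepper are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os
import secrets

# Iteration count is an assumption for this example; tune it to the deployment
# (as high as login latency allows) and store it in the record so it can be raised later.
PBKDF2_ITERATIONS = 600_000

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

def hash_password(password: str, pepper: bytes, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$tag.

    The tag is an HMAC over the PBKDF2 output, keyed with 'pepper', a secret that
    lives outside the database (KMS, HSM or application config). A dump of the
    users table alone is then not crackable offline, and the key can be rotated
    per environment without touching the password itself.
    """
    salt = os.urandom(16)                            # per user, unique, not secret
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    tag = hmac.new(pepper, dk, hashlib.sha256).digest()
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, _b64(salt), _b64(tag))

def verify_password(password: str, stored: str, pepper: bytes) -> bool:
    """Recompute the tag from the stored parameters and compare in constant time."""
    try:
        algo, iterations, salt_b64, tag_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(tag_b64)
    except (ValueError, TypeError):
        return False                                 # malformed record: deny, never crash
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    tag = hmac.new(pepper, dk, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

def issue_reset_token() -> tuple[str, str]:
    """Forgot-password token from the OS CSPRNG. The token goes in the e-mail;
    only its SHA-256 goes in the database, so a DB read does not yield usable tokens."""
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode("ascii")).hexdigest()

def reset_token_matches(presented: str, stored_hash: str) -> bool:
    digest = hashlib.sha256(presented.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, stored_hash)

if __name__ == "__main__":
    pepper = b"example-pepper-loaded-from-kms"     # constructed for the example
    record = hash_password("correct horse battery staple", pepper)
    print(record)
    print(verify_password("correct horse battery staple", record, pepper))
    token, token_hash = issue_reset_token()
    print(token, token_hash, reset_token_matches(token, token_hash))
```

The reset token should also carry an expiry and be invalidated on first use; those columns are part of the workflow, not of the hashing, and are left out here.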

Access Control
- Limits of access control
- Permission-based access control
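An added example for the access control points (not code from the talk or the OWASP project): code that checks permissions rather than role names, denies by default, and adds the per-object ownership check that a permission alone cannot express. The role table, the permission names and the invoice data are constructed for this example.

```python
from dataclasses import dataclass
from functools import wraps

class Forbidden(Exception):
    """Raised on any authorization failure; the default answer is 'no'."""

# Roles are an administrative grouping of permissions. Code checks permissions,
# never role names, so re-cutting responsibilities needs no code change.
ROLE_PERMISSIONS = {
    "viewer":     {"invoice:read"},
    "accountant": {"invoice:read", "invoice:create"},
    "auditor":    {"invoice:read", "invoice:read_any"},
}

@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset

@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount_cents: int

def permissions_of(user: User) -> set:
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())   # unknown role grants nothing
    return perms

def has_permission(user: User, perm: str) -> bool:
    return perm in permissions_of(user)

def requires(perm: str):
    """Decorator: the wrapped operation is unreachable without the permission."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(user, *args, **kwargs):
            if not has_permission(user, perm):
                raise Forbidden(f"{perm} required")
            return fn(user, *args, **kwargs)
        return wrapper
    return decorate

# Constructed sample data.
INVOICES = {
    1: Invoice(id=1, owner_id=10, amount_cents=12_500),
    2: Invoice(id=2, owner_id=20, amount_cents=99_000),
}

@requires("invoice:read")
def read_invoice(user: User, invoice_id: int) -> Invoice:
    """Permission check (decorator) plus the ownership check it cannot express:
    a viewer reads only their own invoices; 'invoice:read_any' lifts that limit."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise Forbidden("no such invoice")          # same answer as "not yours": no enumeration
    if invoice.owner_id != user.id and not has_permission(user, "invoice:read_any"):
        raise Forbidden("not the owner")
    return invoice
```

Every request goes through both checks server-side; hiding the link in the UI or trusting an `invoice_id` because it came from a logged-in session is exactly the gap the ownership check closes.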

Encoding
- Output encoding for XSS
- Query Parameterization
- Other encodings for LDAP, XML construction and OS Command injection resistance

Data Protection
- Secure number generation
- Certificate pinning
- Proper use of AES (CBC mode and IV management)
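An added example for the secure number generation point (not code from the talk or the OWASP project): a token drawn from a non-cryptographic PRNG seeded with the clock, the seed recovery an attacker would run against it, and the CSPRNG calls that replace it for tokens, OTP digits and a per-message CBC IV. The seed values and the search window are assumptions of this example; the AES encryption itself is not shown, since the standard library has no AES.

```python
import random
import secrets
import time

def weak_token(seed: int) -> int:
    """The flawed pattern: a 64-bit 'token' from the Mersenne Twister seeded with a clock value."""
    return random.Random(seed).getrandbits(64)

def recover_weak_seed(token: int, approx_issue_time: int, window: int = 3600):
    """What an attacker does with it: knowing roughly when the token was issued
    (to the hour here), try every candidate seed and return the one that
    reproduces it. The token was never secret; only the clock was."""
    for seed in range(approx_issue_time - window, approx_issue_time + window + 1):
        if weak_token(seed) == token:
            return seed
    return None

def strong_token(nbytes: int = 32) -> str:
    """Session or reset token: 256 bits from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(nbytes)

def strong_int_below(n: int) -> int:
    """Uniform integer in [0, n) without modulo bias, e.g. a 6-digit OTP with n = 10**6."""
    return secrets.randbelow(n)

def fresh_cbc_iv() -> bytes:
    """AES-CBC IV: 16 unpredictable bytes, generated per message, never reused
    under the same key, and transmitted alongside the ciphertext (it is not secret)."""
    return secrets.token_bytes(16)

if __name__ == "__main__":
    issued = int(time.time())
    leaked = weak_token(issued)
    print("weak token %d, seed recovered: %s" % (leaked, recover_weak_seed(leaked, issued + 600)))
    print("strong token:", strong_token())
    print("otp: %06d" % strong_int_below(10**6))
    print("iv:", fresh_cbc_iv().hex())
```

Seeding `random` with something "unpredictable" does not rescue the pattern: the generator's output is also recoverable from a few hundred observed outputs, so anything security-relevant must come from `secrets` (or `os.urandom`) regardless of the seed.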

Secure Requirements
- Core requirements for any project (technical)
- Business logic requirements (project specific)

Secure Architecture and Design
- When to use request, session or database for data flow

Speakers

Jim Manico

Troll, The Internet
Jim Manico is an author and educator of developer security awareness trainings and has a 17-year history building software as a developer and architect. He is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a Global Board Member for the OWASP foundation, where he helps drive the strategic vision for the organization. He manages and participates in several OWASP projects...


Tuesday January 27, 2015 1:45pm - 2:45pm
Annenberg Community Beach House: Track 3 415 Pacific Coast Hwy, Santa Monica, CA 90402
