Featured
OWASP Top 10: Server Side Request Forgery - Ep 10
John Wagnon, Solutions Architect, F5
SSRF flaws occur when a web app fetches a remote resource without validating the user-supplied URL. Attackers can coerce the app to send a request to an unexpected destination—even if it’s secured by a firewall, VPN, or other network access control list (ACL).
The OWASP Top 10 is a broad consensus about the most critical security risks to web applications. The update gives guidance to help secure modern web applications and architectures from exploits, abuse, and misconfiguration, as well as recommendations for mitigating new risks involving software supply chains, CI/CD pipelines, and open source software.
Watch the OWASP Top 10 Lightboard Lesson series for a breakdown of the OWASP Top 10 and learn:
• How OWASP creates its Top 10 list of the most critical security risks to web applications.
• Key changes including recategorization of risk to align symptoms to root causes.
• When each risk can manifest, why it matters, and how to improve your security posture.
The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. OWASP maintains a variety of projects, including the Top 10 web application security risks standard awareness document for developers and security practitioners.
All episodes
-
OWASP Top 10: Overview
John Wagnon, Solutions Architect, F5
John starts out by explaining what the OWASP Top 10 is. He highlights themes like risk re-orientation around symptoms and root causes, new risk categories, and modern application architectures. Follow along for a video on each of the Top 10 risks.
Follow the link to sign up and tune into the next episode.
By watching this lightboard session, your personal details will be shared with F5 and treated in accordance with the F5 Privacy Notice (https://www.f5.com/company/policies/privacy-notice). You are also signing up to be contacted about F5 products and services, but you can unsubscribe at any time.
-
OWASP Top 10: Broken Access Control - Ep 1
John Wagnon, Solutions Architect, F5
94% of tested apps showed some form of broken access control. Failures can result in unauthorized disclosure, modification, or destruction of data and in privilege escalation, and can lead to account takeover (ATO), data breach, fines, and brand damage.
Protect Your Web Apps from New and Critical Risks
-
OWASP Top 10: Cryptographic Failures - Ep 2
John Wagnon, Solutions Architect, F5
2021 OWASP Top 10: Cryptographic Failures - 02
Cryptographic failures, previously known as "Sensitive Data Exposure", lead to sensitive data exposure and hijacked user sessions. Despite widespread TLS 1.3 adoption, old and vulnerable protocols are still being enabled.
-
OWASP Top 10: Injection - Ep 3
John Wagnon, Solutions Architect, F5
Injection is a broad class of attack vectors where untrusted input alters app program execution. This can lead to data theft, loss of data integrity, denial of service, and full system compromise. Injection is no longer the top risk, but still formidable.
-
OWASP Top 10: Insecure Design - Ep 4
John Wagnon, Solutions Architect, F5
Security needs to be inherent to applications. A secure design can still have implementation defects leading to vulnerabilities. An insecure design can’t be fixed by perfect implementation.
-
OWASP Top 10: Security Misconfiguration - Ep 5
John Wagnon, Solutions Architect, F5
Security Misconfiguration is a major source of cloud breaches. Learn what to do and avoid—as modern app development, software re-use, and architectural sprawl across clouds increases this risk.
-
OWASP Top 10: Vulnerable and Outdated Components - Ep 6
John Wagnon, Solutions Architect, F5
Open Source software exploits are behind many of the biggest security incidents. The recent Log4j2 vulnerability is perhaps the most serious risk in this category to date.
-
OWASP Top 10: Identification and Authentication Failures - Ep 7
John Wagnon, Solutions Architect, F5
It is critical to confirm identity and use strong authentication and session management to protect against business logic abuse. Most authentication attacks trace to the continued use of passwords. Compromised credentials, botnets, and sophisticated tools provide an attractive ROI for automated attacks like credential stuffing.
-
OWASP Top 10: Software and Data Integrity Failures - Ep 8
John Wagnon, Solutions Architect, F5
This new risk category focuses on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity. The SolarWinds supply-chain attack is one of the most damaging we've seen.
-
OWASP Top 10: Security Logging and Monitoring Failures - Ep 9
John Wagnon, Solutions Architect, F5
Without properly logging and monitoring app activities, breaches cannot be detected. Not doing so directly impacts visibility, incident alerting, and forensics. The longer an attacker goes undetected, the more likely the system will be compromised.
-
OWASP Top 10: Server Side Request Forgery - Ep 10
John Wagnon, Solutions Architect, F5
SSRF flaws occur when a web app fetches a remote resource without validating the user-supplied URL. Attackers can coerce the app to send a request to an unexpected destination—even if it’s secured by a firewall, VPN, or other network access control list (ACL).