March 9-11, 2011
Montreal, Canada
OWASP Top Ten 2010: understanding the attacks
The OWASP foundation recently published the 2010 version of its reference document describing the top 10 web application security risks.
During this talk, ten intrusion techniques will be shown to the audience, to have a better understanding of the risks described in the OWASP Top 10 2010 document.
Agenda:
- Basic theory on risks, threats and software vulnerabilities
- Presentation of the 10 intrusion techniques
- Best practices when working with the OWASP Top 10 2010
- Discussion, questions
Note: due to the reduced time available, the talk will focus on explaining the intrusion techniques on web applications. Developers interested in working on the defensive coding aspects should also participate in the secure development training.
During this talk, ten intrusion techniques will be shown to the audience, to have a better understanding of the risks described in the OWASP Top 10 2010 document.
Agenda:
- Basic theory on risks, threats and software vulnerabilities
- Presentation of the 10 intrusion techniques
- Best practices when working with the OWASP Top 10 2010
- Discussion, questions
Note: due to the reduced time available, the talk will focus on explaining the intrusion techniques on web applications. Developers interested in working on the defensive coding aspects should also participate in the secure development training.
Antonio Fontes
OWASP Switzerland
Antonio Fontes has over ten years experience in the software and information security industry. He is an active member of the OWASP Switzerland board and has contributed to several open projects such as the "CWE Top 25 most dangerous programming errors." His day job involves assisting both public and private organizations in increasing security visibility and control over their software, such as with dev training, threat modeling, design review, code reviews, penetration testing, etc.
Montreal 2011 sponsored by
