We’ve all heard of the OWASP Top 10. It is the standard first reference we give web developers who are interested in making their applications more secure, and it is also the categorization scheme we apply to web vulnerabilities in our pentest reports. But surely there is more to web application security than the OWASP Top 10, right?
In this talk, recently given at NolaCon 2017, our Senior Security Researcher, Aaron Hnatiw, discusses three vulnerabilities that don’t quite fit into the OWASP Top 10 categories but are just as dangerous if present in a web application. Both developers and pentesters can benefit from Aaron’s talk, as he covers exploits and mitigations for each of the three vulnerabilities.
Follow Aaron Hnatiw on Twitter @insp3ctre.