The OWASP Top 10 is the standard first reference we give web developers who are interested in making their applications more secure. It is also the categorization scheme we give to web vulnerabilities on our security assessment reports. And finally, and perhaps most frighteningly, it is the most common framework used by organizations for securing their web applications. But what if there was more to web application security than the OWASP Top 10?
In this talk, recorded at Hack in Paris 2017, our Senior Security Researcher, Aaron Hnatiw, discusses the vulnerabilities that don’t fit into the OWASP Top 10 categories but are just as dangerous if present in a web application. Developers and pentesters will benefit from this talk, as both exploits and mitigations will be covered for each of the vulnerabilities.
We’re currently running a series of articles called, “Beyond the OWASP Top 10,” that explores other common vulnerabilities that fall outside of the OWASP Top 10. Each article explains a vulnerability in depth and offers strategies for defending against it. Read part 1 of the series, on Race Conditions, here.
Security Compass’s consultants know to look beyond the OWASP Top 10 when performing web application security assessments. Our Advisory team is dedicated to staying on top of the latest vulnerabilities, so our clients can focus their core business without falling behind on security.
For more information on our Advisory team and their services, including helping business protect against vulnerabilities that fall beyond the OWASP Top 10, visit us online here.