Loading…
AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Back To Schedule
Thursday, January 23 • 2:00pm - 2:50pm
From the OWASP Top Ten(s) to the OWASP ASVS

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Some people are under the misconception that if they follow the OWASP top 10 that they will have secure web applications. But in reality, the OWASP Top Ten (and other top ten lists) are just the bare minimum that
at best provide entry-level general awareness. A more comprehensive understanding of Application Security is needed.

This talk with review the OWASP Top Ten 2017 and the OWASP Top Ten Proactive Controls 2018 and
compare them to a more comprehensive standard: the OWASP Application Security Verification Standard (ASVS) v4.0. OWASP's ASVS contains over 180 requirements that can provide a basis for defining what secure software really is.

The OWASP ASVS can be used to help test technical security controls of web and API applications. It can also be used to provide developers with a list of requirements for secure development with much more nuance and detail than a top ten list! You cannot base a security program off a Top Ten list. You can base an Application Security program off of the OWASP ASVS.
Speakers
avatar for Jim Manico

Jim Manico

Founder, Manicode Security
Jim Manico is the founder of Manicode Security, where he specializes in training software developers on secure coding and security engineering. He is actively involved in multiple ventures, serving as an investor/advisor for companies like SemGrep, Nucleus Security, Defect Dojo, KSOC... Read More →

AppSec Cali 2020 ASVS 4.0 Final pdf
Thursday January 23, 2020 2:00pm - 2:50pm PST
Sand and Sea Room
  Talk: Protect It