OWASP Top 10 Vulnerabilities List — You’re Probably Using It Wrong
White Source – Gabriel Avner
First issued in 2004 by the Open Web Application Security Project, the now-famous OWASP Top 10 Vulnerabilities list (included at the bottom of the article) is probably the closest that the development community has ever come to a set of commandments on how to keep their products secure. Unfortunately, as the OWASP Top 10 Vulnerabilities list has reached a wider audience, its real intentions as a guide have been misinterpreted, hurting developers instead of helping. So how should we understand the purpose of this list and actually encourage developers to code more securely?

In a recent interview, OWASP’s chairman Martin Knobloch voiced his disappointment at the list being used as a sort of checklist for a final run through before a release, serving more as a validation mechanism than a guide. The OWASP Top 10 is not set up to resolve every attack in the book, but to help teams avoid the common mistakes which are far more likely to get their applications breached. A determined attacker can find many avenues to breach their target. However, the smart risk management advisories do not focus on the minority of cases but instead seek to address the issues facing the widest audience. Security teams that do not engage with their developers, making the effort to understand how they can empower them to have security be an inherent element of their workflow, will quickly find themselves sidelined. If you want to stay relevant, become an enabler, and use the OWASP Top 10 list as a way to start conversations, not to threaten. In the end, you might find that you catch more (O)WASPS with honey than vinegar.
Link: https://resources.whitesourcesoftware.com/blog-whitesource/owasp-top-10-vulnerabilities?utm_medium=email&utm_source=topic%20optin&utm_campaign=awareness&utm_content=20191026%20prog%20nl&mkt_tok=eyJpIj