A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Lessons learned from a OWASP Top 10 Datacall - Brian Glas BSides Chattanooga 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Lessons learned from a OWASP Top 10 Datacall
Brian Glas
BSides Chattanooga 2018

The goal of the OWASP Top 10 project is to raise awareness and create a baseline for application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and many more. To shape the OWASP Top 10 2017, the project ran a public call for data and industry survey to help define what should be included in the list. Gain insight into some of the details of the OWASP Top 10 Call for Data and industry survey, and what we were attempting to learn. Hear about was learned from collecting and analyzing widely varying industry data and attempts to build a dataset for comparison and analysis. This talk will discuss tips and common pitfalls for structuring vulnerability data and the subsequent analysis. Learn what the data can tell us and what questions are still left unanswered. Uncover some of the differences in collecting metrics in different stages of the software lifecycle and recommendations for handling them.

Brian has worked in IT for over 16 years and Information/Application Security for the last decade. He started as an Enterprise Java Developer; then transitioned to helping build an Application Security program as both tech lead and manager. He later played the role of Enterprise Architect and did a little incident response and reverse engineering malware for fun. He then spent a number of years as a consultant helping clients build AppSec Programs, create/update SDLCs, and other related initiatives. He has worked on the Trustworthy Computing team at Microsoft and is currently working at nVisium as the Director of Strategic Services. He is a co-lead for SAMM v1.1-2.0 and the OWASP Top 10. Brian has previously spoke at a few security chapter meetings and several conferences.

Back to BSides Chattanooga 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast