A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Beyond OWASP Top 10 - Aaron Hnatiw NolaCon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Beyond OWASP Top 10
Aaron Hnatiw
@insp3ctre

We've all heard of the OWASP Top 10- it is the standard first reference we give web developers who are interested in making their applications more secure. It is also the categorization scheme we give to web vulnerabilities on our pentest reports. But surely there is more to web application security than the OWASP Top 10, right? In this talk, we will discuss 5 vulnerabilities that don't quite fit into the OWASP Top 10 categories, but are just as dangerous if present in a web application. Both developers and pentesters will benefit from this talk, as both exploits and mitigations will be covered for each of the 5 vulnerabilities.

Aaron Hnatiw is a Senior Security Researcher for Security Compass, an information security advisory firm specializing in application security. Prior to working at Security Compass, Aaron was a professor of Application Security at Georgian College, as well as the founder of Inspectral Security, a security consulting company specializing in red team assessments and vulnerability assessments. Aaron?s background has covered most areas of information technology- he has worked as a security consultant, system administrator, web and desktop application developer, and network security engineer. His current role involves researching information security issues across industries, and developing innovative solutions to these problems.

Recorded at NolaCon 2017

Back to NolaCon 2017 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast