YoVDO

From the OWASP Top Ten to the OWASP ASVS

Offered By: NDC Conferences via YouTube

Tags

NDC Conferences Courses Web Development Courses Application Security Courses Secure Software Development Courses API Security Courses OWASP ASVS Courses

Course Description

Overview

Explore a comprehensive conference talk that delves into the limitations of relying solely on the OWASP Top Ten for web application security. Learn why the OWASP Application Security Verification Standard (ASVS) v4.0 provides a more robust framework for defining and implementing secure software. Discover how the ASVS's 180+ requirements offer a nuanced approach to technical security controls for web and API applications, surpassing the basic awareness provided by top ten lists. Gain insights into using the ASVS as a foundation for a thorough Application Security program, covering topics such as architecture, authentication, password storage, session management, input validation, cryptography, data protection, communication security, business logic verification, and REST security.

Syllabus

Introduction
ASVS
The Team
NIST 863
Changes in web development
Common Weakness Enumeration
Standards Worth
Levels of Severity
DevOps
What we removed
Architecture
Authentication
Password Storage
Session Management
Input Validation
Store Cryptography
Data Protection
Communication Security
Business Logic Verification
REST Security


Taught by

NDC Conferences

Related Courses

Certified Cloud Security Professional (CCSP)
A Cloud Guru Fundamentals of Secure Software
Packt via Coursera Secure Software Development
Packt via Coursera Cybersecurity Capstone Project
University of Maryland, College Park via Coursera Cyber Security Base
University of Helsinki via Independent