{% set baseFontFamily = "Open Sans" %} /* Add the font family you wish to use. You may need to import it above. */

{% set headerFontFamily = "Open Sans" %} /* This affects only headers on the site. Add the font family you wish to use. You may need to import it above. */

{% set textColor = "#565656" %} /* This sets the universal color of dark text on the site */

{% set pageCenter = "1400px" %} /* This sets the width of the website */

{% set headerType = "fixed" %} /* To make this a fixed header, change the value to "fixed" - otherwise, set it to "static" */

{% set lightGreyColor = "#f7f7f7" %} /* This affects all grey background sections */

{% set baseFontWeight = "normal" %} /* More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set headerFontWeight = "normal" %} /* For Headers; More than likely, you will use one of these values (higher = bolder): 300, 400, 700, 900 */

{% set buttonRadius = '40px' %} /* "0" for square edges, "10px" for rounded edges, "40px" for pill shape; This will change all buttons */

After you have updated your stylesheet, make sure you turn this module off

OWASP Top 10: Why it Still Matters

by Jason Taylor on September 8, 2017

The OWASP Top Ten is an expert consensus of the most critical risks facing web applications and the teams who are developing them. The primary purpose is to raise awareness and provide a framework for prioritizing your application security efforts. You can use the OWASP Top 10 to address most common attacks and vulnerabilities that expose your organization to attack.

Due to the importance of Application Security in reducing overall IT risk, the OWASP Top 10 has been adopted or referenced by a large number of government agencies, industry standards bodies, and prominent companies such as Microsoft, PCI Security Standards Council, Citibank, NIST and others.  These organizations continue to hone and enhance the OWASP Top Ten so it reflects the reality of today’s threatscape. An update for 2017 will be release by the end of this year to include all that’s changed and been learned since the last release in 2013.

The OWASP Top Ten Project has been successful because it’s easy to understand, it helps users prioritize risk, and its actionable. There’s a lot to love:

  • For the most part it focuses on the most critical threats, rather than specific vulnerabilities. Threats are a more stable measure of risk because they never go away and can provide a framework to think about attacks and vulnerability trends.
  • The cadence of release of every 3 years balances the tempo of change in the application security market to produce recommendations with confidence that it doesn’t reflect short-term fluctuations.
  • It’s not just about secure coding, there is a great deal of technical information about key risks and countermeasures. All the various exams, tools, methodologies and checklists are designed to be used at every phase of software development.
  • There is a passionate and knowledgeable community contributing, with varying points of view to get a thorough understanding of the current state of application security.
  • There are other lists that go beyond web application security - there is an OWASP Mobile Top Ten and Privacy risk projects as well as a new list of proactive controls.
  • It can be used as security marching orders to align teams and to justify security activities to management, and to show progress over time toward industry standard security and compliance.

Join us on September 13th at 1:00pm ET for our informational webinar: OWASP Top 10: Threats & Mitigations. for more on interpreting threats and providing actionable offensive and defensive best practices.  

Topics: application security, application risk & compliance, owasp, OWASP Top Ten

Most Recent

Featured Resource