OWASP Top Ten Defenses


Jason Johnson

on 29 August 2013


Transcript of OWASP Top Ten Defenses

Top Ten Proactive Controls
Jim Manico

Secure Requirements
  - Core requirements for any project
  - Business logic requirements (project specific)
Secure Architecture and Design
  - When to use request, session or database for data flow
  - Business specific features ("we think it works")
Leverage secure coding frameworks and libraries
  - Turnkey security library
  - Business specific security library
  - Apache Shiro
Identity and Authentication
  - Password storage
  - Forgot password workflow
  - Multi factor auth
  - Session management
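The two authentication items above that are most often implemented wrong, password storage and the forgot-password workflow, worked through as an added example in Python. This is not code from the talk or from Apache Shiro; the iteration count, salt size and 15-minute token lifetime are assumed policy values. Secure number generation (the `secrets` module) does the work in both halves: the per-user salt and the reset token.

```python
import hashlib
import hmac
import secrets
import time

# Work factor for PBKDF2-HMAC-SHA256 (assumed value; raise it as hardware improves).
PBKDF2_ITERATIONS = 210_000
SALT_BYTES = 16
RESET_TOKEN_TTL = 15 * 60  # reset links die after 15 minutes (assumed policy)


def hash_password(password: str) -> str:
    """Store a salted, iterated hash, never the password itself.

    The record is self-describing (algorithm$iterations$salt$digest, hex encoded)
    so the work factor can be raised later without locking out existing users.
    """
    salt = secrets.token_bytes(SALT_BYTES)  # per-user salt from the OS CSPRNG
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison: a plain == would leak how many leading bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


class ResetTokenStore:
    """Forgot-password tokens: unguessable, short-lived, single-use, stored hashed."""

    def __init__(self):
        self._tokens = {}  # sha256(token) -> (username, expiry timestamp)

    def issue(self, username: str, now: float = None) -> str:
        now = time.time() if now is None else now
        # 32 bytes (256 bits) from the CSPRNG; random.random() is NOT suitable here.
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode("utf-8")).hexdigest()
        # Only the hash is persisted, so a leaked table cannot be replayed.
        self._tokens[key] = (username, now + RESET_TOKEN_TTL)
        return token

    def redeem(self, token: str, now: float = None):
        """Return the username the token belongs to, or None if unknown, used or expired."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode("utf-8")).hexdigest()
        entry = self._tokens.pop(key, None)  # pop makes the token single-use
        if entry is None:
            return None
        username, expiry = entry
        return username if now <= expiry else None
```

The `now` parameter exists only so expiry can be exercised deterministically; in production leave it unset. A real deployment would also rate-limit verification attempts and invalidate outstanding reset tokens when the password changes.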
Access Control
  - Limitations of role based access control
  - Capabilities-based access control
  - Access control and intrusion detection
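The RBAC limitation and the "access control as a detection point" idea side by side, as an added example (my code, not from the talk). The role-only check grants every editor every document; the object-level check asks whether this caller may perform this action on this object, and records denials so a user probing other people's documents stands out. The three-denial threshold is an assumed value.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    roles: set


@dataclass
class Document:
    doc_id: str
    owner: str
    # Explicit grants on this object: username -> set of allowed actions
    grants: dict = field(default_factory=dict)


def can_edit_rbac(user: User, doc: Document) -> bool:
    """Role-only check: every 'editor' may edit every document (the RBAC limitation)."""
    return "editor" in user.roles


def can(user: User, action: str, doc: Document, denials: list = None) -> bool:
    """Object-level check: the decision depends on the caller AND the target object.

    The owner may do anything; others only what was granted on this document.
    Denied attempts are appended to `denials` so repeated probing of other
    users' objects can be detected (access control as an intrusion detection point).
    """
    allowed = user.name == doc.owner or action in doc.grants.get(user.name, set())
    if not allowed and denials is not None:
        denials.append((user.name, action, doc.doc_id))
    return allowed


def users_probing(denials: list, threshold: int = 3) -> set:
    """Users with at least `threshold` denied object accesses (assumed threshold)."""
    counts = {}
    for user, _action, _doc in denials:
        counts[user] = counts.get(user, 0) + 1
    return {u for u, n in counts.items() if n >= threshold}
```

The point of routing every object access through `can()` is that a direct-object-reference bug (guessing another user's `doc_id`) becomes a logged denial instead of a silent data leak.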
Query Parameterization
  - Stored procedures and query parameterization
  - Building SQL and query parameterization
Input Validation
  - White list vs black list
  - Input validation and internationalization
  - URL validation
  - HTML validation
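Allow-list validation for two of the inputs named above, a person's name and a redirect URL, as an added example (my code, not the talk's). The name validator accepts any Unicode letter or combining mark, so Jos&eacute; and O'Brien both pass, which is the internationalization point: a black list of "dangerous characters" would either reject real names or miss real attacks. The URL validator allow-lists the scheme and host, which is what stops `javascript:` links and open redirects. The host allow-list and 100-character limit are assumed values.

```python
import unicodedata
from urllib.parse import urlsplit

MAX_NAME_LEN = 100          # assumed business limit
ALLOWED_SCHEMES = {"http", "https"}


def valid_name(name: str) -> bool:
    """Allow-list: Unicode letters (L*), combining marks (M*), space, apostrophe, hyphen."""
    name = unicodedata.normalize("NFC", name)  # compose e + U+0308 into a single code point
    if not 1 <= len(name) <= MAX_NAME_LEN:
        return False
    if name != name.strip():
        return False
    for ch in name:
        category = unicodedata.category(ch)
        if category.startswith(("L", "M")) or ch in " '-":
            continue
        return False
    return True


def valid_redirect_url(url: str, allowed_hosts: set) -> bool:
    """Allow-list scheme and host; reject userinfo tricks and control characters."""
    if any(c.isspace() or ord(c) < 0x20 for c in url):
        return False  # tabs/newlines inside a scheme are a classic filter bypass
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False  # blocks javascript:, data:, file:, and scheme-relative //host
    if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
        return False  # blocks https://trusted.example.evil.com/
    if parts.username or parts.password:
        return False  # blocks https://trusted.example@evil.com/
    return True
```

Validation narrows what reaches the application; it does not replace parameterized queries or output encoding. O'Brien is a valid name and still contains the apostrophe that breaks concatenated SQL.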
Output Encoding for XSS
  - Keep code and data separate
  - Query parameterization
  - Other encodings for LDAP, XML construction and OS command injection resistance
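Context-specific output encoding, as an added example (my code, not from the talk or any library it names). The same untrusted string needs a different encoder depending on where it lands: HTML text, an HTML attribute, a JavaScript string literal, a URL parameter, or an LDAP search filter. `render_profile` and `ldap_lookup_filter` are illustrative templates I made up to show each encoder in its place; the LDAP escapes follow RFC 4515.

```python
import html
from urllib.parse import quote


def encode_html_text(s: str) -> str:
    """For data placed between tags: the five HTML-significant characters."""
    return html.escape(s, quote=True)


def encode_html_attr(s: str) -> str:
    """For data inside an attribute value: encode everything except ASCII alphanumerics,
    so the result is safe even if a template author forgets the surrounding quotes."""
    return "".join(c if (c.isascii() and c.isalnum()) else f"&#x{ord(c):X};" for c in s)


def encode_js_string(s: str) -> str:
    """For data inside a quoted JavaScript string literal: \\xHH / \\uHHHH escapes.
    Encoding '<' and '/' means '</script>' inside the data cannot end the script block."""
    out = []
    for c in s:
        if c.isascii() and c.isalnum():
            out.append(c)
        elif ord(c) < 0x100:
            out.append(f"\\x{ord(c):02X}")
        else:
            out.append(f"\\u{ord(c):04X}")
    return "".join(out)


def encode_url_param(s: str) -> str:
    """For data inside a URL query parameter value."""
    return quote(s, safe="")


# RFC 4515: characters with special meaning in an LDAP filter value.
_LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_ldap_filter(s: str) -> str:
    return "".join(_LDAP_FILTER_ESCAPES.get(c, c) for c in s)


def render_profile(display_name: str, next_url: str) -> str:
    """Hypothetical template: each interpolation uses the encoder for its context."""
    return (
        f"<p>Hello, {encode_html_text(display_name)}</p>\n"
        f'<input value="{encode_html_attr(display_name)}">\n'
        f'<a href="/continue?next={encode_url_param(next_url)}">continue</a>\n'
        f"<script>var who = '{encode_js_string(display_name)}';</script>"
    )


def ldap_lookup_filter(username: str) -> str:
    """Hypothetical directory lookup: the value is escaped, the filter structure is fixed."""
    return f"(&(objectClass=person)(uid={escape_ldap_filter(username)}))"
```

For OS commands the equivalent of "encode for the context" is to avoid the shell context altogether: pass the program and its arguments as a list to `subprocess.run` rather than building a command line, so no quoting rules apply to the data at all.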
Data Protection
  - At rest with AES
  - In transit with SSL/TLS
  - Secure number generation

Logging, Error Handling and Intrusion Detection