@sempf

The OWASP Top 10 isn't the be all and end all of application security guidance, but it is an awesome tool for bringing up the topic of application security for those that are new to it. Usually published every three years, the Top 10 shows the aggregated ten most risky vulnerabilities discovered in vulnerability assessments since the last list. It famously doesn't change much, but there are some new tweaks to the 2017 list, they are important, and you should know about them. Join us to look at Insecure Deserialization, XML External Entities, Logging, Monitoring, and Access Control. We'll also bid a farewell to the dearly departed Cross Site Request Forgery, who is missed but not forgotten.

Bill Sempf is a software security architect. His breadth of experience includes business and technical analysis, software design, development, testing, server management and maintenance, and security. In his 20 years of professional experience he has participated in the creation of well over 200 applications for large and small companies, managed the software infrastructure of two Internet service providers, coded complex software happily in every environment imaginable, tested the security of all natures of applications and APIs, and made mainframes talk to cell phones. He is the author of C# 5 All in One for Dummies and Windows 8 Programming with HTML5 For Dummies; a coauthor of Effective Visual Studio.NET and many other books, a frequent contributor to industry magazines; and has recently been an invited speaker for the ACM and IEEE, BlackHat, CodeMash, DerbyCon, BSides, DevEssentials, the International XML Web Services Expo and the Association of Information Technology Professionals. Bill also serves on the board of the Columbus branch of the Open Web Application Security Project, is a Microsoft MVP, and is the Administrative Director of Locksport International.

Back to BSides Cleveland 2018 video list