Thanks for listening!
- Top 10 culled from 100s of organizations, 1000s of applications, 50,000 vulnerabilities
- OWASP Store
- OWASP Books
- Troy Hunt – Introducing OWASP top 10 for ASP.NET
- Troy Hunt – OWASP top 10 for ASP.NET on pluralsight
- STRIDE Threats
- Quantify risk with DREAD
- Don’t do this: http://yoursite.com/redirect.to?http://dont-do-this.com
- Adobe Hack
- See if you were affected via LastPass
- Vulnerabilities in older versions of Spring Framework
- File Format Vulnerabilities
- List of WordPress Vulnerabilities
- Scraping the e-mail addresses of about 120,000 iPad users from a poorly secured AT&T registration website.
- Plain text data, logging
- Anonymous/LulzSec attacks – Sony / Adobe
- Multi-Hash Password hints
- Change Default Passwords!
- Verbose Error Pages
- Make sure you're up to date!
- Stored XSS Attack
- MySpace vs. XSS Worm
- Most prevalent flaw!
- Not changing on login
- SQL – Parameterized, Stored Procs, ORM
- Other Types of Injection, XML, Log
- Sony Attacks
- SQL Injection Hall of Shame
- Bobby Tables
Predictions about the future!
- Joe: Security Misconfiguration moving to top 3
- Allen: XSS on phones!
- Michael: Sensitive data exposure
- Searches in a Post Prism World
- Security Now! Podcast
- Havij – Advanced SQL Injection
- Burp Suite
- OWASP WebGoat
- Gray Hat Python: Python Programming for Hackers and Reverse Engineers