Big thank you to Morningstar for hosting the recent OWASP meetup. The evening was filled with really informative content in a couple of areas all tied to OWASP.
First up was Carlos Pero, Head of Cyber Application Security over at Zurich Insurance Company.
Topic: What changed with the most recent 2017 release of OWASP?
The OWASP Top 10 Application Security Risks have been updated again for 2017, but actually is a “risk”? An auditor may have the dictionary definition, but if you ask different people actually working in information security, and you’ll likely get different answers. This issue was confusing enough even in OWASP circles that the first 2017 release candidate was rejected, so let’s discuss what needed to change since 2013, and more importantly what companies should focus on going forward.”
Here is the presentation: OWASP 2017 Presentation
Next was Adam Lewis, Chief Security Architect at Motorola Solutions.
Topic: Fixing Broken authentication with FIDO.
The 2017 OWASP Top 10 lists Broken Authentication as the #2 security risk to web applications, and a recent DBIR report indicated that compromised passwords were responsible for 81% of all data breaches. Current MFA solutions like SMS and other OTP are just as broken, still phishable and suffering from a poor UX. FIDO is one of the most exciting innovations in security, and which for the first time brings a multi-factor authentication standard to the mass market combining military-grade security, awesome UX, privacy, and interoperability – all in a single stack that will soon be baked into the computing platforms we already own.
Here is the presentation: FIDO presentation
Last but not least, we had Tony Ramirez, Mobile Security Analysts with NowSecure.
Topic: 85% of 3rdParty App Store Apps Fail OWASP Mobile Top 10: Are you exposed?
A recent comprehensive analysis of more than 45,000 iOS and Android 3rd party apps in the Apple® App Store® and the Google Play™ store found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given the complexity of mobile pen testing, most organizations have little to no visibility 3rd Party mobile app security, compliance and privacy risk. During this session, a NowSecure mobile security expert will review the OWASP Mobile Top 10 requirements, explore the massive data set, detail the areas of exposure, and share mitigation recommendations. Mobile apps power productivity in the modern business; don’t let a few bad apps bring you down.
Here is the presentation: OWASP Top 10 Mobile Report Presentation
Thank you so much to the presenters and everyone that attended, we look forward to seeing everyone at the next OWASP meetup.
To learn how our ThirdPartyTrust platform can help you scale your TPRM program, request a demo now:
