IAM: The Reason Why OWASP Top 10 Doesn't Change

OWASP's AppSec conference is easily one of the best in the infosec industry. Where will it be held this year? Why not Punxsutawney?

Gunnar Peterson, CISO, Forter

November 30, 2012


Some years ago, Chris Hoff asked why the OWASP Top 10 doesn't change. Yes, AppSec feels like Groundhog Day, but it's not because the people at OWASP are sitting on their hands. The OWASP Top 10 catalogs the top Web vulnerabilities that all applications face, and it's reviewed and updated on a regular basis. But Hoff is right: It mostly does not change.

To refresh your memory, here is the OWASP Top 10 for 2010:

About the Author

Gunnar Peterson

CISO, Forter

Gunnar Peterson currently serves as Forter's chief information security officer (CISO). Prior to Forter, he held leadership positions at Bank of America as chief security architect and Carnegie Mellon University's Software Engineering Institute as visiting scientist. Gunnar is also a leading contributor to the Open Web Application Security Project (OWASP), the Cloud Security Alliance and the Institute of Electrical and Electronics Engineers (IEEE).
