It gives me great pleasure to announce the release of the OWASP Foundation API Security Top 10 - 2019 edition.
Thank you Inon Shkedy, Paulo Silva, and David Sopas for many MANY hours of work.
Download the full publication from here: lnkd.in/gM_dJQx
owasp
@owasp
We improve the security of apps with community-led open source projects, 260 local chapters, and tens of thousands of members worldwide. Famous for OWASP Top 10
owasp’s posts
The OWASP Foundation will be holding a #Virtual #AppSec Days on April 27-29th. Visit our website to see the variety of #trainings we are offering, and reserve your spot today! appsecdays.org
Improve your #Appsec skills for a great price! Visit our website today to register or learn more about OWASP Virtual Appsec Days and the 11 online training courses being offered. ow.ly/D7cN50zac5o
The OWASP Foundation would like to welcome GitLab as a Corporate Member. www2.owasp.org/supporters
Join Ben Sadeghipour for Introduction to Web Application Hacking & Bug Bounty on Nov. 8-10. Participants are given hands-on experience by learning each vulnerability category & completing a series of challenges. usa.globalappsec.org/trainings/
#cybersecurity #bugbounty #appsec
Ever wonder how to get started with "bug bounties"? Join us on March 15 for our free, live Lightning Conference to learn how! Hosted by OWASP presented by STÖK lightning.owasp.org/schedule/
The OWASP Top Ten IoT 2018 has been released! Congrats to
and everyone who has contributed to the project.
Quote
We're elated to announce the release of the OWASP IoT Top 10 for 2018 !!!
This release focuses on simplicity and usability, with a list that combines the top issues facing manufacturers, enterprises, and consumers.
owasp.org/index.php/OWAS #iot #infosec
OWASP and are pleased to announce their partnership. OWASP members now have free access to We Hack Purple's AppSec Fundamentals course, valued at $495. Thank you so much to & the We Hack Purple team!
owasp.org/executive/dire
Every website has vulnerabilities. What are yours? #GetSmart learn mitigation techniques at OWASP Global AppSec in DC dc.globalappsec.org and Amsterdam ams.globalappsec.org #SecuredMyApp
**FREE TRAINING**
You can request a free non-transferable seat for this training only via email to outreach@owasp.org. Telling us briefly why you would like to join will increase your chances of getting one of the limited seats in this training! august.appsecdays.org
⭕In 48 HOURS ⭕ - BEGINNERS JOIN US! will be on for an introduction to some authentication flows in OAuth 2.0 followed by a demo of some common bug types that can be found in them. 🔗bit.ly/_OAuth2 Sponsored by 🤓
Learn about #Android & #IoT app security by improving your mobile security testing kung-fu with . This #AppSecDays course is ideal for #Penetration #Testers, #Mobile #Developers and everybody interested in #mobile #app #security. ow.ly/4m1M50zbbbF
The Application Security Verification Standard 4.0 was released at ! There are a huge number of improvements that make it the best ever ! Get the new release here owasp.org/index.php/Cate
#Defenders, #Builders, and #Breakers all in one big tent. OWASP Global AppSec in DC dc.globalappsec.org and Amsterdam ams.globalappsec.org #SecuredMyApp
#DiversityProud It's unacceptable that only 11% of cybersecurity pros are women or minorities. We are working to change that with nearly $35,000 in diversity grants for new faces to attend OWASP Global AppSec Amsterdam ams.globalappsec.org and DC dc.globalappsec.org…
Next on , Vickie Li will go through the basics of how to review your code for vulnerabilities and some tactics for performing an effective security code review. Join us live for a chance to win a membership for ! 🔗meetup.com/OWASP-DevSlop-
Nuclei () is a community-powered scanner that can scan for almost every web-based vulnerability. How does it work and how can you tailor it to your needs? Join this session with to find out.
RSVP🔗:meetup.com/OWASP-DevSlop-
Sponsor✨
Interested in learning how to turn your bugbounty hobby into a career? Join us for our free, live Lightning Conference that will teach you how! Hosted by OWASP presented by STÖK lightning.owasp.org/schedule/
Did you know you can watch about 600 videos of OWASP and AppSec content on our YouTube channel?
Link to subscribe:
⚡ NEW SHOW ⚡ Shubs () joins for a deeper dive into subdomain takeovers, and related attacks. Join us as we explore how these attacks work, and tools and methods to prevent them 💪
RSVP: meetup.com/OWASP-DevSlop-
Sponsor:
Get ready for OWASP Chapters All Day, Coming weekend with 25 Chapters 24 Hours.
Streaming live at bit.ly/OWASPChaptersA
Mark your calendar. #OWASP #ChaptersAllDay #giveback #community
Great news! We just launched our first report for the OWASP Serverless Top 10 project. Thank everyone who participated in the project and made it possible with special thanks to our project sponsor, .
Get the report and join us: ow.ly/fuiW30mxVTg
Welcome the 2022 OWASP Global Board of Directors
Vandana Verma - Chair
Grant Ongers - Vice Chair
Glenn ten Cate - Treasurer
Avi Douglen - Secretary
Bil Corry - Member at Large
Joubin Jabbari - Member at Large
Martin Knobloch - Member at Large
owasp.org/www-board/
OWASP would like to announce a new release for the Flagship project DefectDojo. The latest release is 1.6.0 and comes with numerous new features, bug fixes and improvements include importing from 77 different security tools. More info at
NEXT WEEK on : !🎊
Farah is joining the show for an introduction to some authentication flows in OAuth 2.0 followed by a demo of a few common bug types that can be found in them! 🔗bit.ly/_OAuth2
Episode sponsored by
.'s highly intensive and interactive #AppSecDays workshop provides essential application security training for web application and API developers. Reserve your spot today. appsecdays.org/trainings/#sku
Bring your application #security #program from zero to hero with this 1/2 day course taught by . Participants will learn: planning, scaling, and measuring your AppSec program. Learn more about this course and register today ow.ly/nWEr50zb9cy #AppSecDays
We are excited to announce the first #OWASP #Serverless Top 10 call for data. Help us better understand serverless applications risks.
We need you! forms.gle/QdFJhPRdC2NFSx
And don’t miss out on the Serverless Top 10 talk on #OWASP #GlobalAppSec
New Year, new events! Join our global community for our first Lightning Conference on March 15th and understand how to make a career out of Bug Bounties! Featured speaker STÖK will guide you on tools, skills, and avoiding pitfalls. Register today!
Our official YouTube channel now has 600 videos of OWASP and AppSec content!
View them and subscribe:
This interactive online #AppSecDays course will teach #security #professionals how to use #data #science techniques to quickly manipulate and analyze security data. Register today ow.ly/k79Z50zb9Us
We are happy to announce the #ModSecurity version 3.1 featuring a complete new group of rules against #Java injection attacks and much more.
#CRS3
coreruleset.org/20181128/annou
We have been accepted to the Google Summer of Code! View our Ideas List and share to the interested students you know.
summerofcode.withgoogle.com/organizations/ #GSOC #OpenSource
Today's session "Finding Security Vulnerabilities through Code Review - The OWASP way" by starts in 50 minutes.
Join us Live on the Show.
🎫 youtu.be/kpf3UkMc5Y4
The #OWASP Chapters are hosting Virtual Chapters All Day on 06th of June, 2020.
Subscribe to the channel where all the talks will be live streamed by the chapters bit.ly/OWASPChaptersA
24 Hours, 24 Chapters and 48 Talks
Stay Tuned for more updates. #ChaptersAllDay
IN 1 HOUR! will be on the show. She's joining us to talk about one of her favorite bugs, IDORs (A4)! Join us and participate to the giveaway sponsored by !
💻YouTube: youtu.be/lNcbSILRugM
Hello Everyone, OWASP Chapters All Day is live!
Tune in to the channel : youtube.com/channel/UCJNkJ
#owasp #owaspchapters #security #community
Don’t forget to join us and CEO, Louis Nyffenegger, for a no-holds-barred look at JWTs and how they can be exploited to bypass your authentication systems.
RSVP🔗: bit.ly/snyff_
Episode sponsor✨:
Did someone say "Day Passes?" Yes, someone did. Save over 50% off at OWASP Global AppSec DC when you take a single day pass compared to the Full Conference price. dc.globalappsec.org
Thank You to and for their generous support of the scholarship fund! We now have 27 women coming to on scholarship!!
Are you looking for a paid internship that will allow you to dive deeply into a coding problem with an mentor? Join OWASP as we partner with Google for the Google summer of code. Applications close 3/26
owasp.org/index.php/GSoC
. could not be more excited about the next episode! will join our hosts to discuss Kubernetes Security. Save your spot and join us LIVE for a live stream with a few surprises🔗bit.ly/njuchi_ Episode sponsor
This course is a 100% hands-on deep dive into the #OWASP Mobile #Security Testing Guide and relevant items of the OWASP #Mobile #Application #Security #Verification Standard, so this course covers and goes beyond the OWASP Mobile Top Ten. august.appsecdays.org/#sku_HOuEQL4zz
Following recent developments relating to COVID-19, the OWASP Foundation has made the difficult decision to postpone the Global AppSec Dublin Conference to February 15-19, 2021. owasp.org/events/2020/03
We're proud to announce that the OWASP Global YouTube channel is now at over 12,500 subscribers!
Use this link to subscribe yourself or share around:
In this show, we’ll talk to Louis Nyffenegger () about attacking JWT implementation flaws, to help you assess and build secure JWT implementations.
🔗bit.ly/snyff_
Episode sponsor✨: Datadog
Almost exactly 1 year after her first speaking opportunity on , will join us again to talk to us about one of her favourite bugs, IDORs (A4)! Thank you for sponsoring the show!
📅Save the date: evt.to/ogmeadiw
OWASP API Security Top 10 2019 makes Cyber Security News
We're publishing recordings on YouTube! - subscribe and hit the bell icon to receive notifications
During 's #AppSec #training, participants will be able to identify the top 5 critical vulnerabilities in #web #applications, understand how #exploitation works & more. Visit ow.ly/fQRe50zaZMS to register for this course or to learn more about this online event.
This #AppSecDays training will be filled with #demos designed from real-world #attacks to help understand all there is to attack and #secure such #applications. ow.ly/9ncq50zbaZ9
DevOps for CISO is an online course being offered for a better understanding in: Agile and DevOps basics, , deployment, and operations, Agile threat modeling, Patch management in DevOps environments and much more. Join @Dave_von_S and register today. ow.ly/JeOS50zbaBG
Celebrate with OWASP at our 20th Anniversary Event! For 24-hours beginning at 3amET we will be running 4 tracks with 5 keynote speakers, guest speakers and sponsors. Don't miss the opportunity to register for FREE! 20thanniversary.owasp.org
Save the Date:
Global AppSec Dublin 2020 (formerly AppSec EU)
June 15-19, 2020 at Convention Center in Dublin
URL: dublin.appsecglobal.org
We are closing in on a record 4500 OWASP members! We'd really like to hit 5,000. To help us get there, the 4500th member will receive an OWASP 20th Anniversary Shirt or Hoodie and an OWASP membership pin - if it happens today. Please join!
owasp.org/membership/
Shout out to who found and disclosed a vulnerability on our platform! Welcome to the community N00bs! #n00bsec
OWASP Mobile Security Testing Guide is coming soon...!! Download alpha version: owasp.org/index.php/OWAS
Send feedback to milan@owasp.org.!!
Have you been tasked with reviewing too much code in too little of time? This #AppSecDays course with & addresses these common challenges in modern #secure #code review. Reserve your spot now. appsecdays.org/trainings/#sku
🔴 1 HOUR before with ! Join us for a discussion about #Kubernetes, how it changes our processes around deploying software, its benefits, and how to get started. We're also giving away a @kodekloud1 subscription. YouTube: youtu.be/1nUoIFSon50
800+ RSVPs 🔴Join us in 1 hour with our guest, CEO, Louis () who will be walking through attacking JWTs with us, so you can build better authentication.
Twitch🔗: bit.ly/snyfff
Episode sponsor:
GET EXCITED! Only 1 HOUR before goes through the basics of how to review your code for vulnerabilities on . Let's hunt some bugs in source code and get a chance to win a subscription to and more ! 🔗youtu.be/A8CNysN-lOM
A new open-source tool allows testing the efficacy of WAF solutions in real-world conditions using millions of web requests. Refer to our corporate supporter GitHub page for more details. #waf #websecurity #apisecurity #DevOps #DevSecOps
Did you know you can watch about 600 videos of OWASP and AppSec content on our YouTube channel?
Click to subscribe!
OWASP is looking for volunteers to review projects! Are you interested in joining the team?
owasp.blogspot.com/2017/01/owasp-
V3.0.0 represents >2.5 yrs of effort w/ nearly 1000 commits; it supports new rules, development strategies, and underlying technology.
Quote
The #CRS3 team is happy to announce the release of @OWASP @ModSecurity Core Rule Set v3.0.0. lists.owasp.org/pipermail/owas Please retweet.
We are really close to a record 4000 members! Take advantage of our two year membership drive to help do our mission, as well as access great membership benefits, including member discounts at all our paid events! Membership can pay itself off :)
owasp.org/membership/
OWASP Core Rule Set has evolved greatly over the last year to become an award winning project. Let take you on that journey and share what is coming up.
owasp.blogspot.com/2017/12/core-r
Videos on the top ten vulnerabilities using OWASP ZAP, Security Ninja Vulnerable application and the Testing guide:
Don't miss part 2 of How to Analyze Code for Vulnerabilities on ! & will demonstrate how to use open-sourced code analysis tool Joern to make code analysis more efficient!
RSVP: bit.ly/3CrmZuv
Sponsor:
We would especially like to thank all of our trainers who participated in OWASP Virtual #AppSecDays April 2020 , , , @Dave_von_S, , , , , , , &
Thank you for joining #owasp and supporting us as a Contributor Corporate Member! owasp.org/index.php/Ackn
It's 2017, and command injection is still the top threat to web apps theregister.co.uk/2017/11/20/ope via
Check out this line-up of speakers! Hear them talk at the #OWASP 20th Anniversary event beginning at 3am EDT on Friday, Sept. 24 as we celebrate our past 20 years and look forward to "Securing the Next 20 Years". owasp20thanniversaryevent20.sched.com/directory/spea
#Attacking #Android and #iOS apps by Example, is a hands-on practical 3-day training course at #GlobalAppSec #Amsterdam that will allow attendees to gain skills that can be applied to #mobile #security #assessments immediately. Reserve your spot today. globalappsecamsterdam2019.sched.com/event/TjQE
OWASP LATAM Tour 2018 Mexico was a great success, and both the slides and the recordings of the talks are now officially available on the new OWASP LATAM YouTube channel


