ThirdPartyTrust Blog


Posted by Anders Norremo on 3/5/18 8:00 AM

Big thank you to Morningstar for hosting the recent OWASP meetup. The evening was filled with really informative content in a couple of areas all tied to OWASP.

First up was Carlos Pero, Head of Cyber Application Security over at Zurich Insurance Company.


Topic: What changed with the most recent 2017 release of OWASP?

The OWASP Top 10 Application Security Risks have been updated again for 2017, but what actually is a “risk”? An auditor may have the dictionary definition, but if you ask different people actually working in information security, you’ll likely get different answers. This issue was confusing enough even in OWASP circles that the first 2017 release candidate was rejected, so let’s discuss what needed to change since 2013, and more importantly what companies should focus on going forward.

Here is the presentation: OWASP 2017 Presentation


Next was Adam Lewis, Chief Security Architect at Motorola Solutions.


Topic: Fixing Broken Authentication with FIDO

The 2017 OWASP Top 10 lists Broken Authentication as the #2 security risk to web applications, and a recent DBIR report indicated that compromised passwords were responsible for 81% of all data breaches. Current MFA solutions like SMS and other OTPs are just as broken: still phishable and suffering from a poor UX. FIDO is one of the most exciting innovations in security, which for the first time brings a multi-factor authentication standard to the mass market combining military-grade security, awesome UX, privacy, and interoperability, all in a single stack that will soon be baked into the computing platforms we already own.

Here is the presentation: FIDO presentation
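To make the "still phishable" point above concrete, here is an added example (not part of the original post or of any FIDO Alliance code) that simulates the FIDO2/WebAuthn login ceremony in Go. The hostnames `bank.example` and `bank-example.test` are constructed, and the authenticator data is simplified to just the hash of the relying party ID. An OTP typed into a look-alike page can simply be relayed to the real site; a FIDO assertion cannot, because the browser (not the page) records the origin it is on, the authenticator signs over that origin, and the server checks it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// clientData mirrors WebAuthn's CollectedClientData. The browser builds it and
// fills in origin from the page that called the API; page script cannot alter it.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// assertion is what the relying party receives back from the client.
type assertion struct {
	authData       []byte // simplified to SHA-256(rpID); real authData also carries flags and a counter
	clientDataJSON []byte
	signature      []byte
}

// relyingParty is the server side of the web application, for a single demo user.
type relyingParty struct {
	rpID, origin string
	pubKey       ed25519.PublicKey
	challenge    string // outstanding single-use challenge
}

func newChallenge() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", b), nil
}

// signAssertion is the authenticator: it signs authData || SHA-256(clientDataJSON)
// with the private key it holds for rpID. The key never leaves the device.
func signAssertion(priv ed25519.PrivateKey, rpID, pageOrigin, challenge string) (assertion, error) {
	cd, err := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: pageOrigin})
	if err != nil {
		return assertion{}, err
	}
	rpHash, cdHash := sha256.Sum256([]byte(rpID)), sha256.Sum256(cd)
	msg := append(rpHash[:], cdHash[:]...)
	return assertion{authData: rpHash[:], clientDataJSON: cd, signature: ed25519.Sign(priv, msg)}, nil
}

// browserGet models navigator.credentials.get(): a page may only use an rpID that is
// its own host or a parent domain of it. A look-alike domain is refused before signing.
func browserGet(priv ed25519.PrivateKey, rpID, pageOrigin, challenge string) (assertion, error) {
	u, err := url.Parse(pageOrigin)
	if err != nil {
		return assertion{}, err
	}
	if h := u.Hostname(); h != rpID && !strings.HasSuffix(h, "."+rpID) {
		return assertion{}, fmt.Errorf("browser refused: rpID %q not valid for origin %q", rpID, pageOrigin)
	}
	return signAssertion(priv, rpID, pageOrigin, challenge)
}

// verify is the relying party's check: challenge freshness, origin binding,
// rpID binding and the signature itself. Any failure rejects the login.
func (rp *relyingParty) verify(a assertion) error {
	var cd clientData
	if err := json.Unmarshal(a.clientDataJSON, &cd); err != nil {
		return err
	}
	if cd.Type != "webauthn.get" {
		return errors.New("unexpected ceremony type")
	}
	if rp.challenge == "" || cd.Challenge != rp.challenge {
		return errors.New("challenge mismatch or replay")
	}
	if cd.Origin != rp.origin { // this is what defeats a relayed assertion
		return fmt.Errorf("origin mismatch: signed for %q, expected %q", cd.Origin, rp.origin)
	}
	rpHash := sha256.Sum256([]byte(rp.rpID))
	if string(a.authData) != string(rpHash[:]) {
		return errors.New("rpID hash mismatch")
	}
	cdHash := sha256.Sum256(a.clientDataJSON)
	msg := append(append([]byte{}, a.authData...), cdHash[:]...)
	if !ed25519.Verify(rp.pubKey, msg, a.signature) {
		return errors.New("bad signature")
	}
	rp.challenge = "" // consumed; a replay now fails the freshness check
	return nil
}

// runScenario registers one key, then tries three logins with the same authenticator:
// genuine; from a look-alike page via the browser; and an assertion signed for the
// look-alike origin (as a non-conforming client might) delivered straight to the server.
func runScenario() (genuine, browserBlocked, serverRejected error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err, err
	}
	rp := &relyingParty{rpID: "bank.example", origin: "https://bank.example", pubKey: pub}
	step := func(pageOrigin string, viaBrowser bool) error {
		ch, err := newChallenge()
		if err != nil {
			return err
		}
		rp.challenge = ch
		var a assertion
		if viaBrowser {
			a, err = browserGet(priv, rp.rpID, pageOrigin, ch)
		} else {
			a, err = signAssertion(priv, rp.rpID, pageOrigin, ch)
		}
		if err != nil {
			return err
		}
		return rp.verify(a)
	}
	return step("https://bank.example", true), step("https://bank-example.test", true), step("https://bank-example.test", false)
}

func main() {
	g, b, s := runScenario()
	fmt.Println("genuine login:", g)
	fmt.Println("look-alike page via browser:", b)
	fmt.Println("relayed assertion at server:", s)
}
```

The genuine login verifies, the look-alike page is refused by the browser's rpID rule before anything is signed, and an assertion that somehow carries the wrong origin is still rejected server-side. Contrast this with an OTP, which carries no notion of where it was typed: the same six digits are valid whether the user entered them on the real site or on a relay.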


Last but not least, we had Tony Ramirez, Mobile Security Analyst with NowSecure.


Topic: 85% of 3rd Party App Store Apps Fail OWASP Mobile Top 10: Are you exposed?

A recent comprehensive analysis of more than 45,000 iOS and Android 3rd party apps in the Apple® App Store® and the Google Play™ store found that a staggering 85% of those apps fail one or more of the OWASP Mobile Top 10 criteria. Given the complexity of mobile pen testing, most organizations have little to no visibility into 3rd party mobile app security, compliance and privacy risk. During this session, a NowSecure mobile security expert will review the OWASP Mobile Top 10 requirements, explore the massive data set, detail the areas of exposure, and share mitigation recommendations. Mobile apps power productivity in the modern business; don’t let a few bad apps bring you down.

Here is the presentation: OWASP Top 10 Mobile Report Presentation


Thank you so much to the presenters and everyone who attended. We look forward to seeing everyone at the next OWASP meetup.



ThirdPartyTrust is a vendor risk management platform strengthening cyber risk intelligence and simplifying the management process for enterprises performing vendor risk assessments.
By analyzing both third and fourth party vendor cyber risk using a network-based solution like 3PT, trust is built and mapped within your vendor ecosystem.
