0x03 - 2021-08-01 OWASP Top 10

Show notes 1-August - Top10 updates and more with Andrew van der Stock TOP10 section notes: We have talked with former Board member, current Executive Director of OWASP and long term big time contributor to the Top 10 project, Andrew van der Stock, about; The past and the present of OWASP Top10. What it is and what it isn't.  How it is different to standards or other Top X lists. The data and process behind it and the new Top10! YOU HEAR IT HERE FIRST FOLKS!! Changes to the categories and ordering to Top10 - Andrew goes through the new categories and major changes! Follow the project on twitter @ https://twitter.com/owasptop10 For the process: https://www.owasptopten.org/ For data submission: https://github.com/OWASP/Top10/tree/master/2021/Data 3 new categories in 2021 version: Insecure design (missing, ineffective or redundant designs) Server side request forgery (SSRF) Software and data integrity failures Ordering has changed and multiple previous categories merged. Final order will be revealed at the OWASP 20th Anniversary event on 24th September 2021 https://20thanniversary.owasp.org/ We want to thank all contributors to OWASP Top 10 for creating something which inspired many people to get into security. Extras: For getting involved in the education committee or the two new projects mentioned during the episode [Appsec Curriculum project and How to get into Appsec project ] education-committee slack channel is: https://owasp.slack.com/archives/C016H3FK3D5 Orange Tsai - world-renowned expert of SSRF - https://twitter.com/orange_8361 & https://blog.orange.tw/ Non-Top10 updates: In the spirit of its 20th birthday, we have talked about the story of OWASP. Mark Curphey's post on Veracode blog for the start story of the OWASP: https://www.veracode.com/blog/intro-appsec/start-owasp-true-story New flagship project: Software Bill of Materials (in partnership withCycloneDX) https://owasp.org/www-project-cyclonedx/ Vendor-neutral vs vendor-hostile approach Elections for the Board coming up!! There will be a call for candidates for the Board mid-August!! Watch this space and apply. If you are on OWASP leader list, please contribute to the revamp of Mission Statement. Check your mailbox for instructions. We are at the Black Hat US! Come visit our booth (search for OWASP in the vendor booth list) Corporate Membership structure is reshaped and been published: https://owasp.org/supporters/ trademark licensing for training partners has become much easier and sponsorships become much easily recognised, plus affordability for startups and regions We passed 4600 members and the new individual Membership Portal is launched: https://owasp.org/membership/2021/07/05/MembershipPortal.html (edited)