Whilst most people were preparing for the festive season, in a shock move OWASP decided to suddenly claw back its flagship conference from the hugely successful OWASP Israel chapter and hold it in the UK (again) instead.
For various reasons, this year was the first year I made it to OWASP AppSec Israel, the national Application Security conference here in Israel. Not only that, but I was honoured to be accepted to present as well. It was a long day, including a speakers/organisers dinner in the evening, but as well as being tired I was also really buzzing with excitement, and I thought I’d jot down a few notes about the day.
It looks like this standard will not go into widespread adoption but I think we can learn a lesson about InfoSec cost/benefit and the risks of expecting all security controls, everywhere.
If you care about AppSec, you have until 30th August to have your say on what new items should be in RC2 and until 18th September to provide additional data on vulnerabilities found.
My thoughts on how daily reporting can both enhance and damage the security testing process.
Would MS17-010 have received enough attention without WannaCry?
Having made my long-term thoughts on the OWASP Top 10 process clear, I want to talk about the list as it stands at the moment and how I think it should be for 2017.