Every Wednesday, I summarize a podcast about cybersecurity so you can read it in about five minutes or less. This week features Andrew van der Stock, managed services technical leader at Synopsys and senior application security leader at the OWASP Foundation. He spoke with John Verry of The Virtual CISO Podcast (#15) about the OWASP Top 10 web application security risks. [Note: Questions and answers were edited for brevity and clarity.]
John Verry: What is the OWASP Top Ten?
08:40 - Van der Stock explains that the OWASP Top Ten is an awareness document. It gives web application developers and security teams what they need to know to avoid being hacked. He stressed that the primary audience is developers. Even though it has a history of more than 15 years, developers did not know about it in the beginning.
09:04 - OWASP worked with application security teams to get the word out about it. The goal is to give people who are starting out on their application development journey a security map, he related. OWASP is not trying to provide all of the security answers; it is trying to provide warnings about the most common and dangerous threats.