#174 - OWASP Top 10 Web Application Attacks

In this episode of CISO Tradecraft, host G. Mark Hardy delves into the crucial topic of the OWASP Top 10 Web Application Security Risks, offering insights on how attackers exploit vulnerabilities and practical advice on securing web applications. He introduces OWASP and its significant contributions to software security, then progresses to explain each of the OWASP Top 10 risks in detail, such as broken access control, injection flaws, and security misconfigurations. Through examples and recommendations, listeners are equipped with the knowledge to better protect their web applications and ultimately improve their cybersecurity posture.

OWASP Cheat Sheets: https://cheatsheetseries.owasp.org/

OWASP Top 10: https://owasp.org/www-project-top-ten/

Transcripts: https://docs.google.com/document/d/17Tzyd6i6qRqNfMJ8OOEOOGpGGW0S8w32

Chapters

• 00:00 Introduction
• 01:11 Introducing OWASP: A Pillar in Cybersecurity
• 02:28 The Evolution of Web Vulnerabilities
• 05:01 Exploring Web Application Security Risks
• 07:46 Diving Deep into OWASP Top 10 Risks
• 09:28 1) Broken Access Control
• 14:09 2) Cryptographic Failures
• 18:40 3) Injection Attacks
• 23:57 4) Insecure Design
• 25:15 5) Security Misconfiguration
• 29:27 6) Vulnerable and Outdated Software Components
• 32:31 7) Identification and Authentication Failures
• 36:49 8) Software and Data Integrity Failures
• 38:46 9) Security Logging and Monitoring Practices
• 40:32 10) Server Side Request Forgery (SSRF)
• 42:15 Recap and Conclusion: Mastering Web Application Security