The OWASP Top 10 Proactive Controls Project uses the OWASP Top 10 model as a way to encourage the community to participate in the building and maintenance of a Top 10 project aimed at developers. In this interview, I talk with Jim Manico and Katy Anton on the history of the project, how they anticipate it being utilized, and how they have worked with the community to decide the criteria for building the list of controls.
On the day before Black Hat 2014 kicked off, I was able to sit with Jonathan Carter to talk about his work and the projects he participates on in OWASP. The audio recording is a bit raw because the sound was cranked up in a conference full of people. What Jonathan has to say should more than compensate.
About Jonathan Carter
Jonathan Carter is an application security professional with over 15 years of security expertise in Canada, the United States, Australia, and England. As a software engineer, Jonathan produced software for online gaming systems, payment gateways, SMS messaging gateways, and other solutions requiring a high degree of application security.
Jonathan's technical background in artificial intelligence and static code analysis has led him to a range of security roles: Enterprise Security Architect, Web Application Penetration Tester, Fortify Security Researcher, and Security Governance lead. He is currently Arxan's Technical Director.
Resources mentioned in this podcast
- Arxan – Mobile Application Protection
- OWASP Reverse Engineering and Code Modification Prevention Project
- OWASP Mobile Top 10
The OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for privacy risks in web applications because currently there is no such catalog available. I spoke with co-leads Florian Stahl and Stefan Burgmair about how the project was started, the selection process for the top 10 risks and their future plans.
About Stefan Burgmair
Stefan Burgmair is a German student at the Munich University of Applied Sciences. After gaining his B.Sc. in Information Systems and Management, he is now writing his master's thesis on the "Top 10 Privacy Risks for Web Applications" at msg systems. Together with his advisor Florian Stahl, he manages the OWASP Top 10 Privacy Risks Project.
About Florian Stahl
Florian Stahl is a German security and privacy consultant and evangelist. He earned his master's with honors in information systems science at the University of Regensburg in Germany and a master's in computer science at Växjö Universitet in Sweden.
Florian began his professional career at the Swedish security software vendor Cryptzone in Gothenburg in 2006. He returned to Germany in 2009 and worked as a consultant for Ernst & Young in Munich before moving to msg systems, where he currently holds the position of Lead Consultant. Florian holds CISSP and CIPP/IT certifications and speaks fluent German, English and Swedish. His aim is to follow a holistic approach, combining technical, organisational and social measures to protect information.
He is a regular speaker at conferences and writes articles for magazines and on his blog securitybydesign.de. He leads the OWASP Top 10 Privacy Risks Project.
Central Repository downloads continue to grow at an astounding rate, up over 800,000 from the previous week. Here are the quick down and dirty stats for last week:
16,696,858 components downloaded
98,387 unique artifact downloads
Top 10 Artifacts (groupId artifactId version, with download count)
- junit junit 4.10 (295,835)
- junit junit 3.8.2 (214,899)
- commons-logging commons-logging 1.1.1 (88,686)
- junit junit 3.8.1 (71,453)
- commons-cli commons-cli 1.0 (56,130)
- commons-collections commons-collections 3.2.1 (48,885)
- javax.servlet servlet-api 2.5 (45,032)
- commons-codec commons-codec 1.4 (44,599)
- org.apache.commons commons-lang3 3.1 (41,939)
- commons-lang commons-lang 2.1 (41,809)
The Central Repository had a busy week, with over 15 million component downloads. Here are the quick down and dirty stats for last week:
15,875,759 components downloaded
119,501 unique artifact downloads
Top 10 Artifacts
Top 10 Countries
- United States
- United Kingdom
- Russian Federation
Top 10 Cities
- Albuquerque, NM
- Ashburn, VA
- Beijing, China
- London, United Kingdom
- Bangalore, India
- San Francisco, CA
- Tokyo, Japan
- Washington, DC
- Geneva, Switzerland
- San Jose, CA