For the first time in four years, we have a new OWASP Top 10 list of the most critical application security risks. Cross-site request forgery (CSRF) and unvalidated redirects and forwards have been bumped off the list. XML external entities, insecure deserialization and insufficient logging and monitoring have been added. What’s the significance of both the additions, and the subtractions? CA Veracode’s VP of Research Chris Eng recently sat down with Evan Schuman to discuss the new list and its implications. Their conversation covers:
- Why the top entries in the list continue to be the same year after year
- Why CSRF was removed from the list
- How this list is currently used, and best practices for using it
- OWASP’s methodology change after its controversial release candidate last spring
- What AppSec practitioners should focus on beyond this Top 10 list
Make sure you understand this important update and its implications; listen to this 10-minute conversation today.