What’s new in the OWASP Top 10?
The OWASP Top 10 isn’t the be-all and end-all of application security guidance, but it is an awesome tool for bringing up the topic of application security for those who are new to it. Usually published every three years, the Top 10 shows the aggregated ten most risky vulnerabilities discovered in vulnerability assessments since the last list. It famously doesn’t change much, but there are some new tweaks to the 2017 list; they are important, and you should know about them. Join us to look at Insecure Deserialization, XML External Entities, Logging, Monitoring, and Access Control. We’ll also bid a farewell to the dearly departed Cross Site Request Forgery, who is missed but not forgotten.
Speaker - Bill Sempf
In 1992, Bill Sempf was working as a systems administrator for The Ohio State University, and formalized his career-long association with internetworking. While working for one of the first ISPs in Columbus in 1995, he built the second major web-based shopping center, Americash Mall, using Cold Fusion and Oracle. Bill’s focus started to turn to security around the turn of the century. Internet-driven viruses were becoming the norm by this time, and applications were susceptible to attack like never before. In 2003, Bill wrote the security and deployment chapters of the often-referenced Professional ASP.NET Web Services for Wrox, and began his career in pen testing and threat modeling with a web services analysis for the State of Ohio.
Currently, Bill is working as an application vulnerability analyst, testing web and mobile applications, then helping the developers fix the security issues within. He has recently designed a global architecture for a telecommunications web portal, modeled threats for a global travel provider, and provided identity policy and governance for the State of Ohio. Additionally, he is actively publishing, with the latest being Windows 8 Application Development with HTML5 for Dummies.
Thursday, 1/25/2018, 6:00 – 8:00pm
Due to circumstances out of our control, we are unable to use our regular meeting location at the Microsoft Office.
Please come join us at the ICC office which you can find just off the Cleveland Ave exit of 270 on the northeast side of town.
Information Control Company
2500 Corporate Exchange Drive
Columbus, OH 43231
Networking / Geek Dinner