Episode 013 – OWASP Top 10 2017 – A1 Through A5

The Open Web Application Security Project (OWASP) group has created a Top 10 web applications vulnerability list since 2003.  Normally the list gets updated every 3 years or so, with the previous release being 2013.  Now with the 2017 list being finalized, I felt it was appropriate for us to go through it and look at it from a red and blue team perspective. This episode will cover the first 5 items on the list, from A1 (Injection) through to A5 (Broken Access Control). Some links of interest:

• OWASP Top 10 - https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
• SQLMap - http://sqlmap.org/
• Burp Suite - https://portswigger.net/burp
• OWASP Zed Attack Proxy (ZAP) - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Want to reach out to the show?  There's a few ways to get in touch!

• Show's Twitter: @PurpleSquadSec
• John's Twitter: @JohnsNotHere
• Podcast Website: purplesquadsec.com
• Sign-Up for our Slack community: https://signup.purplesquadsec.com
• John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic

Thanks for listening, and I will talk with you all again next time.

Find out more at http://purplesquadsec.com