On this week’s show we’ll be having a look at the latest OWASP top 10. As many of you would know, the new list is out. A couple of items have been dropped and a couple of items have been introduced. But we’re really using this new top 10 as an excuse to have a broader chat about the top 10 and the OWASP mission more generally.
As you’ll hear, everyone seems to agree the list is a good thing, but maybe OWASP needs to sharpen its communication strategy a little to make itself more accessible to the developers it’s trying to help.
We’ll hear from OWASP Bristol chapter leader and Veracode consultant Katy Anton on that, as well as Safestack head honcho Laura Bell and penetration tester and founder of Matchme consulting Pam O’Shea.
This week’s show is brought to you by a first-time sponsor, VMRAY. They make malware analysis software that’s very popular with CERTs, but I suspect a lot of listeners out there in IR will also be interested in what they’re doing. The core offering is a cloud malware analyser that isn’t public, so if you don’t want to fire off a sample to VirusTotal and let the bad guys know you’re on to them, VMRAY is a better option.
VMRAY didn’t actually get one of its staff into this week’s sponsor slot; it chose one of its users instead – Koen Van Impe. He pops along to talk through what he uses VMRAY for and to give us a bit of an overview of what it does.