Updated OWASP Top Ten (finally)

OWASP revises its Top Ten Web Application Security Risks every few years (2010, 2013, 2017), so many of us have been excited and anxious waiting for the new release; the last formal version was published in 2017. Of course, with the way things have been in 2020, a delay is certainly understandable, but it’s nice that the new edition, the 2021 list, is finally out.

Go check it out here: https://owasp.org/Top10/

For those of you studying for infosec exams where questions specifically about the Top Ten might come up (for instance, the CCSK or CCSP), I don’t know if the test material has been updated to reflect the new OWASP list, or when that might happen. I imagine there will be some lag before the tests can be modified to include the 2021 content. My advice: if you plan to take the exam before January 2022, study the 2017 OWASP Top Ten; anything later, use the 2021 version.

Security Unfiltered Podcast Appearance

SUPER-proud to have been a guest on the Security Unfiltered Podcast! Joseph South and Derrick Jackson are just phenomenal hosts, and made me feel very welcome and let me blather about all sorts of security-related stuff. We had a fantastic conversation that could have gone on for at least another three hours without pause, if we all had the time. Thanks again, gentlemen!

https://securityunfiltered.buzzsprout.com/1656988/8131383-security-unfiltered-ep-8-ben-malisow-all-things-security

CSA CCM Update

The Cloud Security Alliance (CSA) just published Version 4 of the Cloud Controls Matrix (CCM). If you are involved with securing a cloud environment, I cannot recommend this tool highly enough; it works for any type of organization, in any kind of cloud deployment. Best of all, it’s my favorite price: free.

Go download it here: https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4