15. The OWASP Top Ten is Great, but is it Enough? w/ Andrew van der Stock

We all have things we consider “the best”.

Things we look to.

Rely on.

What happens when one of those old reliable, gold standard things that have been our go-to for so long winds up being #2, instead of #1?

Andrew van der Stock, Senior Application Security Leader at OWASP Foundation, stops by the podcast to dispel some industry myths about the OWASP Top 10.

What we talked about:

- Is The OWASP Top 10 really the gold standard?
- Next level considerations to take on as you progress on your journey
- Risk assessment and threat modeling is just a game

Check out these resources we mentioned during the podcast:

About the Podcast

The Virtual CISO Podcast is a frank discussion that provides the very best information security advice and insights for Security, IT and Business leaders. If you’re looking for the latest strategies, tips, and trends from seasoned information security practitioners, want no-B.S. answers to your biggest security questions, need a perspective on how your peers are addressing the same issues, or just simply want to stay informed and proactive, then welcome to the show. Our moderator, John Verry, chats with industry thought leaders to ensure you have what you need to be confident in your security and compliance. John will keep you informed, and perhaps even mildly entertained, through topics like ISO 27001, breach avoidance, incident response, dealing with pesky security questionnaires, data privacy, and managing vendor risk. Think of it as security… with a smile.