We have known the OWASP Top 10 since at least 2004, when it started as the “Ten Most Critical Web Application Security Vulnerabilities”. Those got an update in 2007 and became “Risks” instead of “Vulnerabilities” in 2010. That was also the year when the first German translation was done and published. The 3-year cycle continued, so there was the next Top 10 in 2013. Then there was some lagging, some confusion, an update, a refused release candidate, a change in the project leaders team, a new call for data and finally a release in 2017, which was partly criticised from various sides and “kind of translated” as the “German version” in 2018.
We will not deep-dive too much into history and deprecated stuff, but we will have a look at the current version, how we eventually got there, what is good, what is bad and what is ugly. Apart from the latest Top 10, we will have a look at how that “top” is determined and what might therefore be sorely missing. All that with a very personal point of view of Ralf Reinhardt, who will be happy to be a participant in a nice discussion, which will hopefully evolve with all those fellow experts, evildoers and victims gathered. Project language is English.
Ralf is a member of the translation team, leader and lifetime member of OWASP, an adjunct professor for “(Offensive) Web Application Security” in Nuremberg (NIT) and Deggendorf (DIT), Community Instructor for SANS SEC 642 and various other stuff. He likes long sentences, to break things for reasons and profit and to build things for fun. Sometimes he talks about some of that and maybe he will also be able to finish some slides till that very talk. Please don’t count on it and be informed that they would be - for recycling reasons - very likely germanversioned anyway.