Applying Top 10 to Standards



Why

The OWASP Top 10 2017 will be released in July or August 2017 after a public comment period ending on June 30. This Working Session will consider how to help standards that use OWASP Top 10 to get maximum benefit from the 2017 version.

What

  • List standards that currently use OWASP Top 10 (PCI, etc…)
  • Map out how they use it
  • Map out what worked and what didn’t work in the 2013 version (i.e. cases where the Top 10 was not correctly used or recommended)
  • Provide explicit guidance on how to use the new OWASP Top 10 2017
  • Create a plan to reach out to current users of the Top 10 (PCI) and proactively engage with them to update to the 2017 version.

Outcomes

  • Comprehensive list of standards that use OWASP Top 10
  • Guidelines for using OWASP Top 10 2017
  • Roadmap to encourage current Top 10 users to update to OWASP Top 10 2017

Who

The target audience for this Working Session is:

  • Companies that use or recommend the OWASP Top 10
  • Security professionals
  • OWASP community

Working materials

  • Draft list of standards that use OWASP Top 10
  • Draft guidelines for using OWASP Top 10 2017
  • Draft roadmap to encourage current Top 10 users to update to OWASP Top 10 2017

Content


