The latest version of the OWASP Top 10 Vulnerabilities is about to be finalized. This talk discusses how to use these guidelines, both old and new, to perform security testing. In too many instances, security is the last phase of the SDLC. Using the OWASP Top 10 list, developers and testers can become more aware of potential vulnerabilities. This will improve their coding and testing skills, allowing them to build more robust code.

This presentation discusses each of the latest vulnerabilities defined in the 2017 version of the OWASP Top 10. It includes testing strategies or failure scenarios which lead to exploitation. Best practices are discussed, all within the condensed time frame of a 10 minute firetalk.

Agile development and DevOps churn through testing at a rate that is impossible for a human to keep up with. Security tools are often designed to have someone at the helm, targeting the systems and applications or performing time intensive penetration tests.

What if there were a way to layer in security as applications are being developed? It is unreasonable to believe that automation can completely replace a knowledgeable security tester, but much of the groundwork and preliminary analysis can be incorporated into the software lifecycle.

If nothing else, these tools and methods will help prevent completing an application, only to discover security findings that cannot be resolved before being released.