OWASP Day & Cyber Journey

(To Francesco Rugolo)
11/06/24

When we talk about cyber security we always think of malicious hackers and of those who, on the other side of the fence, fight them. Yet it all begins much earlier.

For software in particular, everything starts when a program is designed and implemented.

Poor design, a lack of knowledge about programming secure software, and inefficient testing and quality control are at the root of the problems we face every day in cyberspace. Yet there are standards for producing secure applications: the Open Web Application Security Project, OWASP for short.

The OWASP foundation has been online since December 1, 2001 and has been recognized as an American non-profit organization since April 21, 2004. The foundation and its collaborators abide by the fundamental rule of not affiliating with any technology vendor, so as to keep their impartiality and credibility intact.

But why is OWASP so important?

OWASP is important because it is now a worldwide standard for the development of secure software, but not only that: it is important because thousands of IT security experts collaborate daily on OWASP projects; because it is a collection of best practices made available for free; and because among its many projects there is also the OWASP Academy, which aims to spread knowledge about the development of secure software.

OWASP is a de facto standard, adopted by individual developers as well as by large software producers. Since it is a standard, its adoption by an organization naturally becomes an integral part of that organization's cyber security structure.
An organization that produces software, and likewise an organization whose business processes depend heavily on the software it uses (whether it produced that software or not), must also pay attention to policy aspects, such as the adoption of OWASP within the organization.

The adoption of OWASP or other security standards is therefore an integral part of corporate cyber security and, as such, deserves attention from management. Indeed, it is pointless to invest in security without also thinking about security policy.

If, when producing software, you do not pay attention to the security standard used in the development and testing phases, you risk having to implement a series of controls that cost far more than developing secure software from the start would have.

Of course, adopting a standard for secure software production does not guarantee that there will be no problems, but it does at least protect against the already known ones.

One of the most important products of OWASP is the Top Ten, a list of the top 10 risks related to web applications. In its 2021 edition:

A1 Broken Access Control
A2 Cryptographic Failures
A3 Injection
A4 Insecure Design
A5 Security Misconfiguration
A6 Vulnerable and Outdated Components
A7 Identification and Authentication Failures
A8 Software and Data Integrity Failures
A9 Security Logging and Monitoring Failures
A10 Server-Side Request Forgery
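To make one of these categories concrete, here is an added example (not part of the original post and not OWASP's own code) illustrating A3 Injection: the same user lookup written first by splicing the input into the SQL text and then as a parameterised query. The in-memory SQLite database, its `users` table and the sample rows are constructed here so the script runs offline.

```python
"""Added example for OWASP Top 10 2021 category A3 Injection.

The database, table and rows below are constructed for the demonstration;
nothing here comes from the original post or from OWASP itself.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable form: the input is pasted into the SQL text, so characters
    in the input can change the structure of the query rather than being
    treated as a plain value."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: a parameterised query keeps the SQL structure fixed;
    the driver passes the input purely as data, whatever it contains."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    """Run both lookups against a normal and a hostile input and return the
    row sets, so the difference can be inspected or asserted on."""
    conn = make_db()
    normal = "bob"
    # Constructed input: closes the string literal and appends an
    # always-true condition, the textbook shape of an injection payload.
    hostile = "' OR '1'='1"
    return {
        "unsafe_normal": lookup_user_unsafe(conn, normal),
        "safe_normal": lookup_user_safe(conn, normal),
        "unsafe_hostile": lookup_user_unsafe(conn, hostile),
        "safe_hostile": lookup_user_safe(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

For the normal input both functions return the single `bob` row. For the hostile input the unsafe version returns every row in the table, because the query it actually runs has become `WHERE name = '' OR '1'='1'`, while the safe version returns nothing, since no user is literally named `' OR '1'='1`. The lesson the Top Ten entry points at is that the fix is structural (keep code and data separate via parameters), not a matter of filtering particular characters.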

OWASP is present in Italy and organizes events throughout the country with its partners. The next one will be held on Thursday 20 June 2024 in Cagliari from 16:00, in the splendid setting of the city's most popular beach, Poetto.

The event will be sponsored by Equixly, IMQ Minded Security and Pluribus One.

See the program.

The event will welcome industry professionals, software developers, software quality engineers, and IT students with a strong interest in security.

For reservations: https://clicqui.net/2Lst5