<h1>Mid-workshop surprise!</h1>

<p>Published 2021-09-24 at http://who.ioanpopovici.ro/index.php/2021/09/24/mid-workshop-surprise/ (category: security; tags: cybersecurity, owasp, security-workshop)</p>

<p>Something weird and nice happened to me today.</p>

<p>Several times a year, I accept requests to guide cybersecurity workshops for various clients. Usually they fall into the category of web application security or software development security. Not more than a few (max 5) times a year, because more than that would greatly impact my performance in other areas.</p>

<p>So one client requested a web application security workshop that had to be focused on OWASP guidelines. That is awesome for me. I have always liked OWASP's content. Sometimes I even have the privilege of contributing to it. When I provide this service, I never prepare exhaustive slides for presenting already well-established material, such as the one from OWASP. I just go to the website and work with that as a prequel to my deep examples.</p>

<h3 class="wp-block-heading">So what happened? Mid-workshop, the OWASP Top 10 W.A.S.R. changed. Bam! "Surprise M**********R!" Deal with that!</h3>

<p>Now, during these events, I usually bring a lot of my own experience in addition to whatever support material we are using. Actually, this is why someone would require guidance in going through well-established and very well built security material, such as the one from OWASP.<br>When I talk, debate, and learn together with an audience about cybersecurity topics, I always emphasize things that I consider to be <em>insufficiently emphasized</em> by the supporting material. I say <strong>emphasized, not detailed</strong>, and please be careful to consider this difference.</p>

<h3 class="wp-block-heading">Insufficiently emphasized topics</h3>

<p>Traditionally, OWASP's guidelines and material did not emphasize enough, in my humble opinion:</p>

<ol class="wp-block-list"><li>The importance of using correct cryptographic controls in the areas of: authentication and session management, sensitive data exposure, insufficient authorization</li><li>Insecure design in the areas of: bad security configuration, injection problems, insecure deserialization</li><li>Data integrity problems. Loop back to #1.</li></ol>

<p>I usually spend around 10-11 hours of a 16 (or more) hour workshop on the three topics above. Very important stuff, and traditionally overlooked in most teams that I interact with.</p>

<p><strong>What changed?</strong></p>

<p>It was a nice surprise to see that in the new Top 10 W.A.S.R. OWASP included my three pillars and emphasized the concepts the same way I like to do it. <strong>They even renamed sections according to my preference. For example, the second position (A2) is now called Cryptographic Failures. AWESOME!</strong><br><strong>They explain things in a more holistic manner, as opposed to just enumerating isolated vulnerabilities. AWESOME!</strong><br>Finally. It was an extremely good argument for the team that I was leading about the way I spent my time on the three topics. I felt good about them 🙂<br>Alraaaaight, I felt good about myself too!</p>

<p>Oh, and P.S.: For the first time in... what now, more than a decade (?!), OWASP's Top 10 W.A.S.R. does not have the top position occupied by injection problems. Either the web has grown exponentially again, or we have escaped a boundary. The boundary of absolute stupidity 🙂</p>

<p>Cheers!</p>