Updated OWASP Top Ten (finally)

OWASP typically updates their Top Ten Web Application Security Risks about every two years, so many of us have been excited and anxious waiting for the new release (the last formal version was published in 2017). Of course, with the way things have been in 2020, a delay is certainly understandable, but it’s nice that the new edition is finally out.

Go check it out here: https://owasp.org/Top10/

For those of you studying for INFOSEC exams where questions specifically about the Top Ten might come up (for instance, the CCSK or CCSP), I don’t know if the test material has been updated to reflect the new OWASP list, or when that might happen. I imagine there will be some lag before the tests can be modified to include the 2021 content. My advice: if you plan to take the exam before January 2022, study the 2017 OWASP list; anything later, use the 2021 OWASP version.

79. Greatest Hits - Prepping

This week, we are on hiatus while we avoid Hurricane Ida and preserve our own most precious assets (our asses, and those of our pets). This is a perfect time to catch up on past episodes of “The Sensuous Sounds Of INFOSEC”…and what better time to revisit our show on prepping for disaster? We promise: as soon as we’ve stabilized, we’ll feature a show about our own experiences and lessons learned.

In this episode, we prepare for the end times through personal continuity and disaster recovery, and nerd out on some truly great media.

Just a few of the books, movies, and TV mentioned (or associated with this topic):

  • Dawn of the Dead (George A. Romero, 1978)

  • Chernobyl (HBO, 2019)

  • The War Game (Peter Watkins, 1966: not to be confused with the 1983 classic WarGames)

  • Night of the Comet (Thom Eberhardt, 1984)

  • Cast Away (Robert Zemeckis, 2000)

  • Empire of the Sun (Steven Spielberg, 1987)

  • Firefly (Joss Whedon, 2002-2003: should have been 6 seasons and a movie)

  • Serenity (Joss Whedon, 2005: at least we got the movie)

  • Deadwood (HBO, 2004-2006)

  • The Road, Cormac McCarthy

  • Z for Zachariah, Robert C. O’Brien (THE BOOK— not the terrible movie that threw in some horrible racial overtones and a love triangle for no reason)

  • Lucifer’s Hammer, Larry Niven and Jerry Pournelle

  • Lord of the Flies, William Golding

  • To Build a Fire, Jack London

  • Day of the Triffids, John Wyndham

  • On The Beach, Nevil Shute

75. Consulting with Evgeniy Kharam

We discuss the good, the bad, and the ugly of the consulting world with guest Evgeniy Kharam of the Herjavec Group.

My Udemy courses, mentioned in the trailer: https://www.udemy.com/user/ben-malisow/

The Herjavec Group: https://www.linkedin.com/company/the-herjavec-group/

Evgeniy’s show, the Security Architecture podcast: https://www.linkedin.com/company/secarchpodcast/

CISSP Study Guide and Practice Tests Books

The Ninth Edition of the Official CISSP Study Guide and the Third Edition of the CISSP Official Practice Tests books are now available! (You can get them in one convenient bundle on Amazon: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119790026/ref=sr_1_4?dchild=1&keywords=mike+chapple&qid=1626107911&sr=8-4.)

Mike Chapple, David, James, and Darril have done an absolutely fantastic job with these; I had the honor of doing a tech review on both books before publication, and I highly, highly recommend them to anyone studying for the exam. They will help immensely. Good luck to all the CISSP candidates out there!