Josh Grossman
The Grinch who stole AppSecEU
In a shock move OWASP has decided to suddenly claw back its flagship conference from Israel and hold it in the UK instead.
Dec 24, 2017

Josh Grossman
Reflections on attending and presenting at AppSec Israel 2017
For various reasons, this year was the first year I made it to OWASP AppSec Israel, the national Application Security conference here in…
Oct 19, 2017

Josh Grossman
HPKP is pinning^W pining for the fjords - A lesson on security absolutism?
It looks like this standard will not go into widespread adoption but I think we can learn a lesson about InfoSec cost/benefit and the risks…
Aug 24, 2017

Josh Grossman
The OWASP Top 10 — An update and a chance to have your say
tl;dr If you care about AppSec, you have until 30th August to have your say on what new items should be in RC2 and until 18th September to…
Aug 20, 2017

Josh Grossman
Daily Pen Test reports — Pros and Cons
My thoughts on how daily reporting can both enhance and damage the security testing process.
Jul 9, 2017

Josh Grossman
WannaCry — Do you feel lucky?
Would MS17–010 have received enough attention without WannaCry?
Jun 1, 2017

Josh Grossman
OWASP Top 10 2017 — What should be there?
Having made my long term thoughts on the OWASP Top 10 process clear, I want to talk about my thoughts for the 2017 list in the short term.
May 15, 2017

Josh Grossman
The OWASP Top 10 — Response to the controversy from Jeff Williams
Jeff Williams, OWASP Top 10 Co-Author and Contrast Security CTO, has responded but I am not convinced he has alleviated concerns.
Apr 26, 2017

Josh Grossman
Behind the OWASP Top 10 2017 RC1
The OWASP Top 10 has become web app critical infrastructure but do people understand how it is produced?
Apr 24, 2017