Vince Marcovecchio


Vince started his career writing horrible PHP web applications, before shifting to application development on desktop and mobile platforms, and eventually joining the "dark side" of security research. His primary research interests are NFC, JavaCard, and Node.js. He's been with BlackBerry for ten years.


Talk: OWASP Top 10: Explained, Exploited, Avoided

The OWASP Top 10 is a widely known set of web application security risks. The true impact of these risks, however, is often misunderstood and underestimated. In this whirlwind talk, we'll go through the Top 10 and demonstrate their real impact through live exploits against applications like OWASP's Juice Shop using tools like PortSwigger's Burp. We'll then review effective ways of avoiding and mitigating the Top 10 when web applications are being implemented and deployed.

Developers in the audience will leave with a new appreciation for the actual impact of the risks in the OWASP Top 10 and with effective strategies for avoiding them. Security practitioners will come away with quick demos that are easy to replicate and that better illustrate the impact of the Top 10.