Articles by Jim
OWASP Top Ten Proactive Controls 2018 (v3.0)
By Jim Manico
Contributions
How do you collaborate or coordinate with other reviewers or developers when testing pull requests locally?
Be certain to also run security tests such as: SAST - Static Analysis Security Testing tools like Semgrep, Checkmarx and others. SCA - Software Composition tools like Dependabot, Snyk and MergeBase.
Activity
Exciting times at Edgescan as the team gears up for Black Hat! 🚀 We're thrilled to introduce our new AI advisor, designed to recommend tailored…
Posted by Jim Manico
📣 Exciting news! #LocoMocoSec is going to be LIVE STREAMED!🤙 Huge shoutout to our sponsor Zatik Security for making this possible! Live stream…
Shared by Jim Manico
To be chosen as one of the four finalists for the competition feels pretty unreal. What an honor! Can't wait!!
Liked by Jim Manico
Publications
Educating Boards
SC Magazine
C-suites and boards of directors are increasing their knowledge of IT security risks and needs – before a breach happens. Larry Jaffee reports.
OWASP Proactive Controls 2.0
OWASP Foundation
The OWASP Top Ten Proactive Controls 2016 is a list of security techniques that should be included in every software development project. They are ordered by importance, with control number 1 being the most important. This document was written by developers for developers to assist those new to secure development.
1) Verify for Security Early and Often
2) Parameterize Queries
3) Encode Data
4) Validate All Inputs
5) Implement Identity and Authentication Controls
6) Implement Appropriate Access Controls
7) Protect Data
8) Implement Logging and Intrusion Detection
9) Leverage Security Frameworks and Libraries
10) Error and Exception Handling
OWASP Application Security Verification Standard (ASVS) 3.0
OWASP Foundation
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection. This standard can be used to establish a level of confidence in the security of Web applications. The requirements were developed with the following objectives in mind:
* Use as a metric - Provide application developers and application owners with a yardstick with which to assess the degree of trust that can be placed in their Web applications,
* Use as guidance - Provide guidance to security control developers as to what to build into security controls in order to satisfy application security requirements, and
* Use during procurement - Provide a basis for specifying application security verification requirements in contracts.
Iron-Clad Java: Building Secure Web Applications
McGraw-Hill, Oracle Press
Iron-Clad Java: Building Secure Web Applications describes the use of several OWASP, Oracle, Apache, and Google open-source Java projects that are essential tools needed to construct a secure web application with the Java programming language. You'll learn best practices for authentication and access control, defense for cross-site scripting and cross-site request forgery, cryptographic storage, and injection protection. Using the practical advice, best practices, and real-world examples provided in this authoritative resource, you'll gain software engineering techniques for increasing security. Tech edited by Java Security Director, Milton Smith.
OWASP Cheat Sheet Series
OWASP Foundation
The OWASP Prevention Cheat Sheet Series was created to provide a concise collection of high value information on specific web application security topics. These cheat sheets were created by multiple application security experts and provide excellent security guidance in an easy to read format.
Effective Encryption
SANS Institute
Encryption is a common answer when data is to be secured. However there are choices and tradeoffs to be made when encrypting information. Further, a good algorithm does not guarantee secure data. We look at the use of encryption for various scenarios and discuss how to implement it correctly.
OWASP Application Security Verification Standard (ASVS) 4.0.3
OWASP Foundation
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
Projects
OWASP Java Encoder Project
The OWASP Java Encoder - written and maintained by Jeff Ichnowski - is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
OWASP Java HTML Sanitizer Project
The OWASP HTML Sanitizer - written and maintained by Mike Samuel - is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS. The existing dependencies are on guava and JSR 305. The other jars are only needed by the test suite. The JSR 305 dependency is a compile-only dependency, only needed for annotations. This code was written with security best practices in mind, has an extensive test suite, and has undergone adversarial security review. A great place to get started using the OWASP Java HTML Sanitizer is here: https://github.com/OWASP/java-html-sanitizer/blob/master/docs/getting_started.md.
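The two projects above cover the two halves of Proactive Control 3, "Encode Data": the Encoder is for untrusted data that must be rendered as plain text in a specific output context (HTML body, attribute, URL, JavaScript string), and the Sanitizer is for the case where a user is legitimately allowed to author a subset of HTML, so encoding would destroy the content and an allow-list policy is needed instead. The following is an added example, not code from either project or from this page. `Encode.*`, `Sanitizers.*` and `HtmlPolicyBuilder` are the projects' real APIs; the class name `OutputHandlingExample`, the methods `renderProfile` and `renderComment`, the sample inputs and the particular policies are assumptions chosen for illustration.

```java
import org.owasp.encoder.Encode;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;

// Added example (assumed names); requires the owasp encoder and
// owasp-java-html-sanitizer jars on the classpath.
public class OutputHandlingExample {

    // Constructed sample input: an attacker-controlled display name and a
    // comment that a user is allowed to write in (limited) HTML.
    static final String DISPLAY_NAME = "Jim <script>alert(document.cookie)</script>";
    static final String COMMENT =
        "<p>Great <b>post</b>! <a href=\"javascript:alert(1)\" onclick=\"steal()\">click</a>"
        + "<img src=x onerror=alert(1)></p>";

    // Case 1: data that must never be treated as markup. Pick the encoder for
    // the sink's context; forHtml() inside an attribute, URL or script block
    // is the classic mistake, so each sink names its context explicitly.
    static String renderProfile(String name) {
        StringBuilder sb = new StringBuilder();
        // HTML body text
        sb.append("<h1>Welcome, ").append(Encode.forHtml(name)).append("</h1>\n");
        // quoted attribute value
        sb.append("<input type=\"text\" value=\"")
          .append(Encode.forHtmlAttribute(name)).append("\">\n");
        // query-string parameter
        sb.append("<a href=\"/search?q=").append(Encode.forUriComponent(name))
          .append("\">search</a>\n");
        // string literal inside an inline script
        sb.append("<script>var user = '").append(Encode.forJavaScript(name))
          .append("';</script>\n");
        return sb.toString();
    }

    // Case 2: user-authored HTML. The prebuilt policies allow basic formatting
    // and links; everything else (img, onclick, javascript: URLs) is dropped.
    static final PolicyFactory COMMENT_POLICY =
        Sanitizers.FORMATTING.and(Sanitizers.LINKS);

    // The same idea spelled out as an explicit allow-list policy.
    static final PolicyFactory EXPLICIT_POLICY = new HtmlPolicyBuilder()
        .allowElements("p", "b", "i", "em", "strong", "a")
        .allowAttributes("href").onElements("a")
        .allowStandardUrlProtocols()      // http, https, mailto only
        .requireRelNofollowOnLinks()
        .toFactory();

    static String renderComment(String untrustedHtml) {
        return COMMENT_POLICY.sanitize(untrustedHtml);
    }

    public static void main(String[] args) {
        System.out.println(renderProfile(DISPLAY_NAME));
        System.out.println(renderComment(COMMENT));
        System.out.println(EXPLICIT_POLICY.sanitize(COMMENT));
    }
}
```

Running this, the display name comes out of every `Encode.*` call with its angle brackets and quotes escaped for that context, so the `<script>` tag is shown as text rather than executed; the sanitized comment keeps the paragraph, bold text and link element while the `onclick` handler, the `javascript:` href and the `<img onerror>` are removed. The point of keeping the two paths separate is that a sanitizer is only appropriate where HTML authoring is a feature; for ordinary data fields, contextual encoding is the complete and simpler control.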
Honors & Awards
Distinguished Lifetime Member of the Open Web Application Security Project (OWASP)
OWASP Foundation Board
Awarded by the Board for outstanding involvement in the organization over the course of many years.
Java Champion
Oracle Corporation
The Java Champions are an exclusive group of passionate Java technology and community leaders who are community-nominated and selected under a project sponsored by Oracle. Java Champions get the opportunity to provide feedback, ideas, and direction that will help Oracle grow the Java Platform. This interchange may be in the form of technical discussions and/or community-building activities with Oracle's Java Development and Developer Program teams.
Java "rockstar" Speaker Award
Oracle Corporation and the Java/Code One Conference Series
Java "rockstar" speakers are the top-rated speakers from JavaOne 2016. These speakers were recognized in conference attendee surveys for outstanding session content and speaking ability. Java "rockstar" speakers are recognized for their contributions to JavaOne conference education and their commitment to the technology community.
Recommendations received
18 people have recommended Jim
More activity by Jim
A while ago, I conducted an informal poll among information security professionals whose companies had not yet mandated FIDO authentication for staff…
Liked by Jim Manico
EdgeScan is a very impressive service that I heartily endorse. I've been working with Eoin in various forms for over 20 years. Definitely worth checking…
Shared by Jim Manico
Our Continuous Testing and Exposure Management platform now recommends what developer training would help prevent ongoing vulnerabilities, improve…
Liked by Jim Manico
It's our first time exhibiting!!! Milestone for sure! I am also beyond excited about our event at The Sphere, which looks just amazing. DM me for…
Liked by Jim Manico