Announcing: OWASP Top 10 Vulns, Examples Project
OWASP Top 10 is considered the "gateway to AppSec", so naturally I'm interested. But diving into this, I quickly found it confusing to read about generic security vulnerabilities when I'm used to the code snippets and "hands-on style" typically found in developer-friendly blogs, courses, and other material. So, I'm attempting to bring the two together: OWASP Top 10 knowledge + hands-on code and examples.
This isn't to say I think OWASP has done a poor job, or their work is lacking (quite the contrary). During my first venture as an AppSec Engineer, I found myself doing a lot of research on how to effectively disseminate security info to developers. While every team is different, and thus the needs of each team are different (security champions, reports, type of code, dev experience), each recommendation seemed to resolve down to meeting developers where they are.
Thus, with that background I'm off to make OWASP's Top 10 a little less policy, a little more code.