OWASP AppSec Latam 2013

Before reading this article imagine what it would be like to manage your company without your customer’s data or if the data was in your competitors’ hands.
The value of data is an established fact and almost doesn’t bear mentioning. The experiences your customers acquire along the years as well as their database are fundamental and represent a great competitive edge in this new corporate era.
Keeping this in mind we realize the importance of implementing specific policies in order to build a base to guarantee the safety of these data.
Recently, there’s been an increase in security related incidents in a way that IT management has become more and more complex and, automatically, the need for a new kind of professional has emerged, the Chief Security Officer (CSO).
The CSO has become the person responsible for all risk areas, data security and, also for the definition and implementation of security strategies and policies that a company will implement.
Such policies are developed to reduce risks and negative impacts and also to limit exposure to liability in all areas.
However, the main issue dealt with here doesn’t question the need for good professionals, for secured information or development of better security policies. It deals with the constructive process through which every company goes when creating and structuring such policies.
The limited vision, commonly used at the moment of creating these policies, isn’t, enough to comprise all the company’s existing range of vulnerabilities.

So, I will demonstrate a lot of security issues that this limited vision brings, like human faults in WebServers, and others vulnerabilities like SQL Injections and other related with TOP 10 OWASP.