BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//conference.c3w.at//bsidesvienna-0x7e9-2025//ZZLRRS
BEGIN:VTIMEZONE
TZID:Europe/Vienna
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsidesvienna-0x7e9-2025-ALANTS@cfp.bsidesvienna.at
DTSTART;TZID=Europe/Vienna:20251122T093500
DTEND;TZID=Europe/Vienna:20251122T100500
DESCRIPTION:Top software vulnerability lists like OWASP Top 10 or CWE Top 2
 5 are well-known and used broadly across the industry. They shape how we t
 alk about software vulnerabilities and guide us to focus on certain vulner
 abilities over others.  But how well do they hold up in the real world?  A
 re there any blind spots that are not covered by the most prominent lists?
   \nTo answer this question\, I aggregate results from over 400 web applic
 ation penetration tests in the last four years.\n\nIn this talk\, I will w
 alk through how these “top vulnerability” lists are created\, what tra
 de-offs they make\, and where they fall short.  \nFinally\, we will compar
 e their priorities against real-world data from a mid-sized penetration te
 sting team and see which issues actually show up again and again in practi
 ce.
DTSTAMP:20260611T033546Z
LOCATION:Track 2
SUMMARY:The OWASP Top 10 Looks Different From the Trenches - Fabian Funder
URL:https://cfp.bsidesvienna.at/bsidesvienna-0x7e9-2025/talk/ALANTS/
END:VEVENT
END:VCALENDAR