Cybersecurity in 2017: Interview with OWASP Author Jim Manico

Jan 29, 2017 By Paul Curran

As the software world still reels from the major hacks and breaches that occurred, or surfaced, in 2016, it’s critical that organizations ensure their code security gets the attention it deserves in 2017 and beyond.


In order to gain some quick insight into the application security landscape for 2017, we conducted a short interview with Jim Manico.


Join Jim Manico’s Meet the Experts Webinar “What is the OWASP Application Security Verification Standard” by clicking here.


Jim Manico has been an active member of OWASP since 2008 and he served as a global board member from January 2013 through May 2016. At OWASP, his main passion is supporting efforts that help developers write secure code.


Additionally, Jim trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, an investor/advisor for Signal Sciences, and a volunteer for the OWASP Foundation. His writings include “Iron-Clad Java: Building Secure Web Applications” from McGraw-Hill and Oracle Press.


Checkmarx: What is one thing you wish more people knew about the OWASP Top 10?


Jim Manico: It’s incomplete. This is just an awareness document that is good for folks new in application security. After reading the OWASP Top Ten, folks should read the OWASP ASVS standard, the OWASP proactive controls, the BSIMM study and other documents to get a more complete picture on application security.


Checkmarx: What were some major application security challenges you noticed in 2016, and will these challenges get worse in 2017?


Jim Manico: The number one problem is being able to hire enough security people to get the job done. There are many jobs and just not nearly enough talented security professionals to get those jobs done. If you are a senior security professional, the opportunities before you are significant.


Checkmarx: Where is the best place to start for developers hoping to become more “security aware”?


Jim Manico: I think a good place for web and web service developers to start is to understand a few basic technical risks like SQLi, XSS, and CSRF – especially how to deal with them specific to your current software framework. Start with a focused study there. Once you understand those three risk categories, move to a deep understanding of modern IAM technologies like SAML, OAuth, OIDC and JWTs. That should be enough to keep you busy for a while.

In general, commit to making the study of AppSec a regular part of your job as a developer.


Be sure to follow Jim on Twitter at @manicode for more application security insights.






Paul Curran

Content Specialist at Checkmarx
With a background in mobile applications, Paul brings a passion for creative reporting on application security trends, news and security issues facing developers, organizations and end users to Checkmarx's content.


  • Georgia Brooks

    Taking action and keeping an eye out is very necessary when it comes to privacy. Cyber crimes are on the rise; every day we see a big name attacked with a DDoS or hacked with data transactions. To be protected we must keep a constant eye on the activities. Plus, having security software like an all-in-one AV and a DDoS-protected VPN (like PureVPN) can also restrict the damage.
