Overview
Explore the latest updates to the OWASP Top 10 in this conference talk from Devoxx Poland 2022. Delve into the concept of Defence in Depth and its castle approach analogy. Examine what's truly new in the latest OWASP Top 10 list, with a focus on insecure design and its prevention. Learn about secure design principles and threat modeling methodologies, including a practical example of the STRIDE model. Gain valuable insights into web application security and discover how to implement more robust security measures in your software development process.
Syllabus
Intro
OWASP - Open Web Application Security Project
Defence in Depth (Castle approach)
What's actually new in the OWASP Top10?
Insecure design - examples
Secure design principles
Insecure design - How to Prevent?
Threat modeling methodologies
STRIDE - example
Taught by
Devoxx Poland