From OWASP Top 10 to Secure Applications

Explore a comprehensive conference talk from Spring I/O 2019 that delves beyond the OWASP Top 10 to address a broader spectrum of application security issues. Learn about the OWASP Top 10 2017, OWASP Application Security Verification Standard (ASVS), and other OWASP standards that provide a more advanced perspective on security. Discover practical examples of addressing security risks in Spring Applications through manual and programmatic solutions, as well as security provider tools like Application Security Testing (AST), Web Application Firewalls (WAF), and Runtime Application Self-Protection (RASP). Gain insights into various OWASP projects, including Proactive Controls and OWASP Benchmark, and understand their importance in developing secure applications. Explore software security issues, detection tools, and protection mechanisms, with a focus on integrating security measures within Spring applications.

Intro
About OWASP
OWASP Top 10 2017 - OWASP A1 - Injection
OWASP Top 10 2017 - A1 - SQL Injection
OWASP Top 10 2017 - A5 - Broken Access Control
OWASP Top 10 2017 - Broken Access Control
OWASP Top 10 - Summary
OWASP Proactive Controls
Proactive Controls - C7 - Enforce Access Control
Proactive Controls - Summary
OWASP Application Security Verification Standard
OWASP ASVS - Verification Levels
ASVS-V5 - Validation, Sanitization, Encoding
ASVS - V4.2 - Operation Access Control
OWASP ASVS - Summary
OWASP Benchmark
ASVS - Security Tools references
Software Security Issues
Software Security Definition
Detection Tools
Protection Tools - Example: Integrity Checks
Protection Tools - Spring Integration