What's Not So New in the New OWASP Top 10 - Devoxx Poland 2022

Explore the latest updates to the OWASP Top 10 in this conference talk from Devoxx Poland 2022. Delve into the concept of Defence in Depth and its castle approach analogy. Examine what's truly new in the latest OWASP Top 10 list, with a focus on insecure design and its prevention. Learn about secure design principles and threat modeling methodologies, including a practical example of the STRIDE model. Gain valuable insights into web application security and discover how to implement more robust security measures in your software development process.

Intro
OWASP - Open Web Application Security Project
Defence in Depth (Castle approach)
What's actually new in the OWASP Top10?
Insecure design - examples
Secure design principles
Insecure design - How to Prevent?
Threat modeling methodologies
STRIDE - example