Many people focus their attention solving OWASP top 10 risks, but unfortunately they only represent a part of existing application security issues. In consequence it’s necessary to have a global knowledge of existing risks going beyond the OWASP top ten. This talk review the recently published OWASP top 10 2017 and other OWASP standards such as OWASP Application Security Verification standard (ASVS) that completes the partial view of the OWASP top 10 offering a more advanced vision of the security providing a lis of requirements for secure development.
During the talk we will show practical examples of how to address existing risk, using manual or programmatic solutions within Spring Applications, as well as security providers solutions such as Application Security Testing (AST), Web Application Firewalls (WAF) and Runtime Application Self protection (RASP).