The web remains a dangerous place.

Securing your web APIs and applications has never been more important, or more difficult in the face of sophisticated threats and bad actors. Fortunately, the Open Worldwide Application Security Project (OWASP) exists to at least identify and share mitigations for the most popular attacks.

In this session, we'll learn about the OWASP Top 10 threats for 2025, released earlier this year. We'll demonstrate each threat and show how we can design our applications to better withstand them. You'll leave this session with concrete ways to improve your app's security and many resources for learning more about how to write secure web applications.