Most teams believe their application is "secure enough". Unfortunately, most teams are wrong.
The majority of successful attacks do not rely on a super advanced zero-day exploit; they exploit predictable implementation mistakes like broken access control, misconfigured CORS, missing rate limits or even debug settings left enabled.

In this session, we dissect the OWASP Top 10 from a dev perspective and show how these vulnerabilities sneak into real-world codebases. Not as abstract risks, but as lines of code, architectural shortcuts, and "temporary" decisions that quietly made it to production.

Expect live examples, realistic attack paths, and uncomfortable truths about common development habits. We focus on root causes at code and architecture level, and on concrete mitigation patterns you can implement immediately, secure coding techniques, configuration hardening, automated checks in CI/CD, and pragmatic threat modeling.

If your team assumes security is "handled", this session will challenge that assumption.