
Cybersecurity Expert Tanya Janca Discusses OWASP Top 10 Updates and AI's Impact on Security

The video features application security expert Tanya Janca discussing the OWASP Top 10, the widely used awareness document that lists the ten most critical web application security risks. Its most recent update is the 2025 edition, published as a release candidate in November 2025. Key changes include replacing "Vulnerable and Outdated Components" with a supply-chain category ("Software Supply Chain Failures" in the release candidate) to cover risks beyond outdated libraries, such as compromised dependencies and build pipelines, while "Broken Access Control" remains the top issue because access rules are specific to each application and there is no standardized, drop-in fix.

Janca highlights persistent problems such as SQL injection, which still accounts for roughly 15% of vulnerabilities even though it has been solvable since 1998, and the lack of secure coding education, which is rarely taught in universities or bootcamps. She introduces a free secure-coding AI prompt framework that embeds security requirements in the prompt before any code is generated; in her tests this cut the share of vulnerable generated code from about 40% to about 20%.

The discussion also covers AI's impact on security roles: junior penetration testers may struggle to find work as AI automates basic testing, while experienced practitioners will focus on advanced threats and mastery of the tooling. Practical recommendations include "bad, better, best" training models, security champions programs, and behavioral-economics nudges that steer developers toward secure defaults. The conversation underscores AI's growing role in both creating and mitigating security risk, with tools evolving to bring security earlier into the development lifecycle.
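To make the SQL injection point concrete, here is an added example (not code from the video or from Janca) showing the classic vulnerable pattern next to the parameterized query that has fixed it for decades. It uses Python's built-in sqlite3 module and a constructed in-memory users table; the table contents, the attack payload and the function names are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the talk).
# "o'brien" is a legitimate name that happens to contain a quote.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("o'brien", "obrien@example.com"),
]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, name):
    """VULNERABLE: untrusted input is spliced into the SQL text.

    f-strings, %-formatting, str.format and '+' are all equally bad here:
    the database cannot tell where the query ends and the data begins.
    """
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def safe_lookup(conn, name):
    """FIXED: a parameterized query. The SQL text is constant and the value
    travels separately, so it is only ever treated as data."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both lookups against honest, hostile and quote-containing input."""
    conn = make_db()
    payload = "x' OR '1'='1"  # classic tautology payload (constructed)

    # The vulnerable version also breaks on legitimate input: the quote in
    # "o'brien" turns into a SQL syntax error instead of a lookup.
    try:
        quoted_vuln = vulnerable_lookup(conn, "o'brien")
    except sqlite3.Error as exc:
        quoted_vuln = f"error: {type(exc).__name__}"

    return {
        "honest_vuln": vulnerable_lookup(conn, "alice"),
        "honest_safe": safe_lookup(conn, "alice"),
        "attack_vuln": vulnerable_lookup(conn, payload),  # dumps every row
        "attack_safe": safe_lookup(conn, payload),        # matches nothing
        "quoted_vuln": quoted_vuln,                       # syntax error
        "quoted_safe": safe_lookup(conn, "o'brien"),      # correct single row
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:12} -> {result}")
```

Run the file directly to see the contrast: the vulnerable lookup returns the whole table for the tautology payload and raises on a name containing an apostrophe, while the parameterized version returns zero rows for the payload and the correct row for "o'brien". The same rule applies to every other driver and ORM: pass values as parameters, never as fragments of the query string.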