Dive deep into the OWASP Top 10 web vulnerabilities with a panel of six cybersecurity experts. This episode breaks down each major risk, from Broken Access Control to Server-Side Request Forgery. Learn how these flaws are exploited and, more importantly, how to secure your applications. A must-watch for developers and security pros!
Notes:
00:00:00 - Introduction & Guest Lineup
00:05:20 - What is the OWASP Top 10?
00:08:10 - How Bug Bounty Hunters Use OWASP Top 10
00:10:47 - The Process of Creating the Top 10 List
00:13:48 - The Defensive Perspective for Developers
00:18:44 - A01: Broken Access Control - Overview
00:25:25 - Defending Against Broken Access Control
00:30:30 - Offensive Approach: Finding Access Control Bugs
00:35:32 - Balancing Security with User Experience
00:37:39 - A02: Cryptographic Failures - Overview
00:41:32 - Is Encryption Always Mandatory?
00:45:30 - Exploiting Cryptographic Failures (JWT, Mobile Apps)
00:50:37 - A03: Injection - Overview & Types
00:56:00 - The Root Cause: Trusting User Input
01:00:02 - Defenses: Content Security Policy (CSP) & DOMPurify
01:07:20 - Blue Team Perspective on Injection Attacks
01:10:31 - A04: Insecure Design & Trust Boundaries
01:18:02 - The Importance of a Security-First Mindset
01:20:29 - A05: Security Misconfiguration - Overview
01:26:25 - Chaining Misconfigurations for Impact
01:29:13 - A06: Vulnerable and Outdated Components
01:36:35 - Finding Outdated Components as a Bug Hunter
01:41:23 - Attack Surface Management (ASM) Solutions
01:45:40 - A07: Identification and Authentication Failures - How They Happen in Real Life
01:51:34 - Should You Build Your Own Authentication System?
01:55:50 - A08: Software and Data Integrity Failures
01:58:51 - Example: Integrity in Over-The-Air (OTA) Updates
02:03:11 - A09: Security Logging and Monitoring Failures
02:05:51 - Offensive View: Exploiting Logging Failures
02:12:55 - A10: Server-Side Request Forgery (SSRF)
02:14:34 - Where to Find SSRF Vulnerabilities
02:23:25 - Q&A: Craziest Bug Bounty Chains
02:34:20 - Q&A: How to Avoid Burnout in Cybersecurity