Security is a hard problem, especially when you are only running but not writing an application. The infamous comic “This is fine” is often the best description we have for this scenario. But it doesn’t have to be. This talks shows how to protect against injections and also how to monitor them.

This talk combines two of the OWASP top ten security risks:

• Injections (A1:2017): We are using a simple application exploitable by injection and will then secure it with the Web Application …