The document discusses application security then and now. It summarizes the OWASP Top 10 lists from 2001-2004 and 2013, noting that the types of vulnerabilities have not substantially changed. It emphasizes that the intent of the OWASP Top 10 is to manage risk, not just avoid vulnerabilities. The document provides tips for implementing application security, including starting small, gaining buy-in, educating developers, recruiting champions, and using the right partners and tools. It stresses that network security alone cannot prevent application breaches and that static analysis should be done early in development.