This focuses mostly on internal security (i.e., after the attacker already has a foothold inside) versus the classic OWASP, which is for external front-facing applications.
It has long been the consensus that perimeter security is an outdated concept. With servers in public clouds, workers remote, etc., just assume that a breach could potentially happen and mitigate the potential damage - stealing credentials from a marketing guy should not result in root access to the prod db.