Wednesday 

Workshop room 

15:00 - 16:00 

(UTC+01

Workshop (60 min)

Part 2: Stop Firefighting Vulnerabilities, Start Eliminating Bug Classes at Scale: A Hands-On Workshop

In this hands-on workshop, you'll move beyond traditional vulnerability patching and dive into the cutting-edge techniques that top organizations use to eliminate entire bug classes at scale. You won't just learn what the vulnerabilities are - you'll learn how to mitigate them at scale across your organisation. After this workshop you will stop firefighting bigbounty reports and will start implementing safeguards that work.

Application Security
SDLC
Security Tooling
Bug Bounties

Participants will be split into small groups and given real-world vulnerabilities to tackle. Your challenge: instead of just "fixing" them, you'll work together to eliminate their root cause. With the guidance of the lecturer, you'll explore techniques, including automating security mechanisms, and leveraging the most modern web standards (e.g. CSP3, Trust-Types, Sec-Fetch) beyond the OWASP Cheatsheets.

By the end of this workshop, you'll walk away with a deep understanding of how to make vulnerability classes obsolete and ensure your systems are resilient to whole categories of attacks.

Whether you’re a developer, security engineer, or researcher, this workshop will change how you approach security by focusing on scalability, automation, and proactive safeguards.

Javan Rasokat

Javan is a Senior Application Security Specialist at Sage, helping software teams enhance security throughout the software development lifecycle. On the side, he lectures Secure Coding at DHBW University in Germany. Javan’s passion for ethical hacking started young, automating online games and finding security bugs, which he would report to game operators. He turned this passion into a career, first as a security consultant and later specializing in penetration testing. Javan holds a Master’s degree in IT Security Management and several certifications, including GXPN, CISSP, CCSP, and CSSLP. He has shared his research at conferences, including OWASP Global AppSec, SecTor, and HITB.