SecAppDev 2025 - OWASP top 10

The interesting, important, and hard to find bugs are not generic. They often stem from unique business logic, so they require familiarity with the product.

Instead of getting frustrated with generic scans that barely find obvious problems and flood you with false positives, you can run custom checks that find what you care about. In this course, you'll learn how to take your internal knowledge and write custom, tailored scans that will work for you, across the whole codebase.
You’ll leave the course with clear understanding how to customize automated security tests for your code efficiently.

Learning goal: Learn how to find subtle, non-generic bugs in your code, make the most of open-source scanners, and set up smart security guardrails—all with practical techniques that fit into real-world development workflows.

Modern web applications rely heavily on frontend code, making browser security mechanisms crucial for protecting users and data. This hands-on workshop takes a deep dive into advanced frontend security for Angular / React / Vue applications.

Participants will explore real-world attack scenarios and implement defenses through guided exercises. Designed for developers and security professionals, this workshop blends academic depth with practical application, equipping attendees with the skills to secure modern frontends effectively.

Learning goal: Understand and apply state-of-the-art security mechanisms to protect modern frontends from real-world threats.

This hands-on workshop teaches developers the principles of secure coding, focusing on real-world attack scenarios and defense strategies. Participants will learn to identify and mitigate vulnerabilities such as injection flaws, XSS, authentication weaknesses, and insecure dependencies. Using AI code generators and security tools, attendees will strengthen their ability to write robust, secure applications.

Ideal for developers looking to enhance their security mindset and build software that withstands modern threats.

Learning goal: Attendees will learn to build secure APIs by preventing injection attacks, managing third-party risks, OAuth2 basics, securing React integrations, and handling file uploads safely. They will also explore AI-assisted code generation.

Learn how to secure your CI/CD pipeline without slowing down. We cover risks, best practices, essential tools, real-world attacks, and how to justify your security investments.

Key takeaway: Secure CI/CD is achievable without sacrificing speed: start with key tools, embed best practices, and scale smart.