What Open Source Taught Me About Modern Web Application Security

This session shares hands-on security learnings from building and maintaining an open source Svelte application for the Developer Relations Foundation. Using this real-world project as a case study, we’ll review real vulnerability patterns observed during development, how AI-assisted code generation interacts with traditional SAST tooling, and trends where automated detection tends to fall short.

By tying these findings to recent NPM supply chain incidents and industry trends, this talk provides a grounded look at what modern web application risk actually looks like, and what developers and where security teams can generalize to do something about it.