OWASP Meeting


Details
Topic 1
Secure Vibe Coding: 5 Key Lessons
AI coding assistants such as Cursor, Copilot, and Windsurf significantly increase productivity and take on mundane coding tasks. But while powerful, these tools carry risks: trained on vast public datasets, they inherit insecure patterns along with good ones, and nothing in them guarantees that the application they help build is secure. In this talk, we'll share five key lessons for security engineers and developers who want to improve the security of AI-assisted code:
- Implement guardrails
- Get real-time security signal
- Watch your dependency blast radius
- Compensate for non-determinism
- Invest in prompt engineering
Bio:
Nate Michalov is a seasoned application security professional with over 12 years of diverse experience. Throughout his career, Nate has contributed to organizations such as Endor Labs, Apiiro, Snyk, Veracode, and Annkissam, where he has focused on securing digital ecosystems while aligning technological strategies with business objectives. In various roles including customer success architect, senior sales engineer, and senior SAST specialist, Nate has consistently tackled complex challenges at the intersection of business and technology. Known for his collaborative approach and dedication to staying informed about emerging trends, Nate is recognized as a trusted advisor in promoting innovation and resilience in application security.
Topic 2
Title: Past, Present and Future of Automatic Code Remediation
Abstract: Academic projects, linters, and IDE helpers provided a foundation for simple automatic code refactoring, but lacked the depth to address the complex code issues that analysis tools find. Recently, the landscape of tools used to change code has seen explosive growth. Several open source code mutation frameworks have emerged, allowing expressive and impactful code transformations. LLMs have also jumped into the picture, promising power and delivering “cool” – but also bringing chaos in tow. We’ll explore the capabilities of these tools, including strategies for combining them, all towards answering the question: “are we ready to automatically fix code issues?” Finally, we’ll look at the horizon and make the case that the era of self-healing software is approaching quickly, even if it looks a little different than what you might expect.
Bio:
Leading tech innovator David Hafley, Head of Engineering at Pixee, blends leadership with tech expertise. Known for shaping global engineering teams, he champions large language models at Pixee, driving content and vulnerability solutions. Prior roles include Chief Product Officer at Dyknow, VP of Engineering at Contrast Security, and varied leadership roles from AWS environments to DevOps culture building. A seasoned speaker, David Hafley brings a wealth of knowledge to the Python conference stage, connecting tech, leadership, and the Python community.