The Security Gap That No One Talks About


Details
Agenda:
18:30 - Arrival, refreshments and networking
19:00 - Talk #1 from John Wood
19:30 - Break
19:45 - Talk #2, technical session with Aurélien SVEVI
20:30 - More networking and close
Talk #1 from John Wood
The Security Gap That No One Talks About
For years, organisations have built their application security programs around a predictable model: identify vulnerabilities early, fix them before deployment, and reduce risk through proactive testing.
This approach sounds reasonable—until we confront the reality of modern cyber threats.
The stark truth is that attacks do not happen in static, pre-production environments. They happen in real-time, against live applications in production. Cybercriminals do not wait for vulnerability scans to finish or for software teams to schedule patch cycles. They exploit gaps as soon as they emerge—whether through newly discovered zero-day vulnerabilities, unpatched software dependencies, or subtle misconfigurations that are undetectable until real-world attack traffic interacts with an application.
Join John Wood from Contrast Security to explore the future of application security with real-time protection and intelligence.
Attendees will learn:
- Why traditional security approaches fail against production threats.
- How modern attacks bypass static testing and legacy security tools like WAFs.
- The importance of real-time application security and detection (ADR).
- New techniques for measuring risk and building resilient applications.
About John:
John Wood has spent nearly two decades challenging the traditional AppSec playbook, moving security beyond checkbox compliance to real-world risk reduction. A pioneer in Europe’s early SAST movement, he has seen what works, what fails, and why many security programs remain broken. A dynamic speaker, John blends insights from Economic History, Geometry, and Classical Economics to illuminate the future of security—one that aligns with modern development, not outdated security gates. His talks are engaging, contrarian, and laser-focused on business-driven outcomes, cutting through the noise to deliver security strategies that actually make organisations safer. Expect sharp insights and bold perspectives.
Talk #2, technical session by Aurélien SVEVI
Contextualize to React: ADR at the Service of Incident Response
In an ever-evolving threat landscape, simply detecting security incidents is no longer enough. Cyber threats are becoming more sophisticated, and without proper context, security teams may struggle to differentiate between false positives and genuine risks. Understanding the full scope of an incident—how it originated, its potential impact, and the vulnerabilities it exploits—is crucial for responding quickly and effectively.
This session delves into the power of Application Detection and Response (ADR) and how it enhances threat visibility within your applications. ADR goes beyond traditional security measures by providing deep contextual insights, enabling security teams to detect, analyse, and respond to threats with precision. By integrating real-time monitoring, intelligent analytics, and automated response mechanisms, ADR empowers organisations to stay ahead of attackers.
Join us to explore how ADR can help you proactively safeguard your applications and sensitive data. Learn how to leverage its advanced capabilities to identify threats as they emerge, mitigate risks before they escalate, and strengthen your overall security posture. Whether you’re a security professional, a developer, or an IT leader, this session will equip you with the knowledge and strategies needed to implement a more resilient application security framework.
Aurélien SVEVI is a seasoned application security expert with seven years of experience helping enterprises bridge the gap between security and development. Based in France, he has a proven track record of making application security not just effective, but truly engaging for teams. With deep technical expertise and a knack for simplifying complex security challenges, Aurélien ensures that security becomes an enabler—not a blocker—for development teams. His passion for DevSecOps, team integration, and security education empowers organisations to build resilient, secure applications with confidence.
Specialties: Application Security, Team Integration, DevSecOps, Security Education.
Java Oxford is organised by Humand Talent, hosted by CoreFiling and the April event is sponsored by Contrast Security.
Contrast Security is a leader in modern application security, providing Application Security Testing (AST) and Application Detection and Response (ADR) solutions. Unlike traditional tools, Contrast offers real-time, runtime protection, embedding security within applications to detect and block threats as they occur. With its groundbreaking "security camera inside the vault" approach, Contrast enables organisations to see and stop attackers before they cause damage. Its AST solutions deliver continuous, accurate vulnerability detection, reducing noise and improving developer productivity. By integrating security seamlessly into the software development lifecycle, Contrast empowers businesses to build secure, high-performing applications without slowing down innovation.
