Agenda:
- 17:00 - 17:15 Food and drinks
- 17:15 - 18:00 Evolving Your AppSec Program in the Era of AI - Joseph Hejderup
- 18:15 - 19:00 Content Security Policy: From newbie to advanced - Halvor Sakshaug
This event is sponsored by Endor Labs
Evolving Your AppSec Program in the Era of AI
AI is already transforming how software is built—but for security teams, it’s mostly just making life harder. Developers are shipping AI-generated code at breakneck speed, while security teams struggle to keep up. The challenge isn’t just securing AI-generated code and systems—it’s evolving your AppSec program to keep pace with software development.
We'll explore how security teams can evolve their programs across two key dimensions: securing AI-driven software development and using AI to enhance security workflows. You’ll learn:
- Strategies for managing risks from AI-generated code and autonomous agents
- How security teams can use AI to reduce work and improve security outcomes
- Where AI can enhance security—and where human expertise remains irreplaceable
AI isn’t just a security challenge; it’s a chance to build a smarter, more efficient security program. Join us to learn how to make AI work for security, not against it.
Joseph Hejderup - Member of Technical Staff, Endor Labs
Content Security Policy: From newbie to advanced
The Content Security Policy response header is trending. It has become a PCI DSS requirement, and penetration testers and security-savvy clients expect it more and more. This simple response header unlocks powerful security features in the browser. But if you get it wrong, it may kill your site!
This talk will help you navigate safely through all the directives, levels, enforcement modes, deprecations, fallbacks, and varying browser implementations and support. You'll learn how to build a policy efficiently, the considerations you need to make along the way, and how to handle violation reports from users.
Halvor Sakshaug is one of the top answerers for Content Security Policy questions on Stack Overflow. He is involved in everything AppSec at PG Forsta. His main interests are Content Security Policy (and everything else that can protect the client), bug bounties, teaching security, and looking for vulnerabilities. In his spare time he does real debugging by helping people get rid of silverfish.