Event

AppSec Workshop: Fix Faster

Date
April 28, 2025
Time
1:30 - 5:00 PM PT
Event Type
In person
Location
Downtown San Francisco
Save My Spot
Event Overview

3 reasons to attend

  • Greater confidence in analyzing and remediating SCA vulnerabilities
  • Practical strategies for effective collaboration with developers
  • A deeper appreciation for the challenges developers face, improving team trust and alignment

Prerequisites

  • An internet-enabled laptop
  • A basic understanding of Linux fundamentals (e.g., installing software and using CLI tools)
  • A free GitHub account and access to GitHub and GitHub codespaces
  • The ability to read and edit snippets of code

Who Should Attend?

This workshop is for AppSec and Product Security practitioners looking to bridge the gap between AppSec and development by gaining empathy for the developer experience. You must currently be in one of these roles, but you don't need any specialized knowledge—just curiosity and a willingness to learn.

Why does a “simple upgrade” often take so long, and why's it *so hard* to get development teams to do it?

Fix Faster is a hands-on workshop for AppSec and Product Security practitioners that want to address security issues faster and more effectively.

This beginner-to-intermediate training is your chance to step into a developer’s shoes. Through live demonstrations, interactive discussions, and guided exercises, we’ll simulate project-based challenges—walking into unfamiliar, legacy codebases and working through realistic constraints to remediate vulnerabilities. Participants will face real-world scenarios across Java and Python ecosystems, gaining firsthand experience in remediating known vulnerabilities in open source software. With more empathy for "upgrade hell", you can better partner with your dev teams to help your org reduce risk faster.

We'll cover:

  • Establishing a basic understanding of the complexities of software dependency management, such as breaking changes, version constraints and bugs
  • Complex and simple upgrades for direct and transitive dependencies
  • Evaluating remediation strategies, including vendoring, downgrading, and upgrading

Agenda:

1:30 - 2:00 PM - Check-in & Welcome
2:00 - 4:00 PM - Workshop Fix Faster
4:00 - 5:00 PM - Happy Hour

Contents
Contents
Agenda
What to Expect
Speakers
Save My Spot

Want to stay in the loop?

Sign up for our newsletter.

Welcome to the resistance
Oops! Something went wrong while submitting the form.
Claude Fable 5: Mythos-grade hype, record cheating, and a few hall-of-fame entries
Average results with 59.8% on functional solves and just 19.0% on security solves
Read more
Recall, not reasoning: how AI coding agents cheat security benchmarks
Recall, not reasoning: how AI coding agents cheat security benchmarks
Read more
Endor Labs + Cursor: Building the security foundation for agentic coding
Endor Labs + Cursor: Building the security foundation for agentic coding
Read more
Introducing Full Stack Reachability: Container Scanning That Actually Reduces Noise
Cut container vulnerability noise by up to 90% with full-stack reachability analysis spanning application and container image OS layers.
Read more
Classic Vulnerabilities Meet AI Infrastructure: Why MCP Needs AppSec
MCP servers inherit classical vulnerabilities like command injection, path traversal, and SSRF. Here's why LLMs and MCP deserve the same security practices as traditional applications.
Read more
How Fake Font Packages Abused npm as a CDN
101 packages disguised as font files distributed 34 TiB of data via npm's infrastructure—with a total of 4.3 PiB transferred via downloads.
Read more