In person

AppSec Workshop: Fix Faster

Why does a “simple upgrade” often take so long, and why's it *so hard* to get development teams to do it?

Fix Faster is a hands-on workshop for AppSec and Product Security practitioners that want to address security issues faster and more effectively.

This beginner-to-intermediate training is your chance to step into a developer’s shoes. Through live demonstrations, interactive discussions, and guided exercises, we’ll simulate project-based challenges—walking into unfamiliar, legacy codebases and working through realistic constraints to remediate vulnerabilities. Participants will face real-world scenarios across Java and Python ecosystems, gaining firsthand experience in remediating known vulnerabilities in open source software. With more empathy for "upgrade hell", you can better partner with your dev teams to help your org reduce risk faster.

We'll cover:

  • Establishing a basic understanding of the complexities of software dependency management, such as breaking changes, version constraints and bugs
  • Complex and simple upgrades for direct and transitive dependencies
  • Evaluating remediation strategies, including vendoring, downgrading, and upgrading

Agenda:

1:30 - 2:00 PM - Check-in & Welcome
2:00 - 4:00 PM - Workshop Fix Faster
4:00 - 5:00 PM - Happy Hour

Date
April 28, 2025
Time
1:30 - 5:00 PM PT
Location
Downtown San Francisco
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Speakers

A photo of Jamie Scott — Founding Product Manager at Endor Labs.
Jamie Scott
Founding Product Manager
Endor Labs

A photo of Anand Sawant — Member of Technical Staff at Endor Labs.
Anand Sawant
Member of Technical Staff
Endor Labs

Event Overview

3 reasons to attend

  • Greater confidence in analyzing and remediating SCA vulnerabilities
  • Practical strategies for effective collaboration with developers
  • A deeper appreciation for the challenges developers face, improving team trust and alignment

Prerequisites

  • An internet-enabled laptop
  • A basic understanding of Linux fundamentals (e.g., installing software and using CLI tools)
  • A free GitHub account and access to GitHub and GitHub codespaces
  • The ability to read and edit snippets of code

Who Should Attend?

This workshop is for AppSec and Product Security practitioners looking to bridge the gap between AppSec and development by gaining empathy for the developer experience. You must currently be in one of these roles, but you don't need any specialized knowledge—just curiosity and a willingness to learn.

Speakers

A photo of Jamie Scott — Founding Product Manager at Endor Labs.
Jamie Scott
Founding Product Manager
Endor Labs

A photo of Anand Sawant — Member of Technical Staff at Endor Labs.
Anand Sawant
Member of Technical Staff
Endor Labs

Schedule

No items found.

Heading

No items found.

Want to stay in the loop?

Sign up for our newsletter.

Subscribe
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
How to Detect LLM Prompt Injection Risks

How to Detect LLM Prompt Injection Risks

Learn how to detect prompt injection vulnerabilities in GenAI applications and prevent attackers from exploiting LLM-powered workflows.
Read more
Why Your AI Code Assistant Might Be Shipping CVEs

Why Your AI Code Assistant Might Be Shipping CVEs

LLMs often recommend outdated or vulnerable open source packages—here’s why it happens, why it matters, and how AppSec and DevOps leaders can stay ahead.
Read more
Anti-Pattern Avoidance: A Simple Prompt Pattern for Safer AI-Generated Code

Anti-Pattern Avoidance: A Simple Prompt Pattern for Safer AI-Generated Code

How CWE-specific prompts cut LLM code vulnerabilities by more than half.
Read more
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.