Javan Rasokat
Senior Application Security Specialist at Sage
Karlsruhe, Germany
Javan is a Senior Application Security Specialist at Sage, where he supports product teams in strengthening security across the software development lifecycle. He also lectures on Secure Coding at DHBW University in Germany. His journey into ethical hacking began at a young age, when he built bots to automate online games and uncovered security flaws, which he responsibly reported to game operators. Turning this passion into a career, Javan started out as a full-stack web and mobile engineer before moving into security consulting. He holds a Master’s degree in IT Security Management and multiple certifications, including GXPN, AIGP, CISSP, CCSP, and CSSLP. Javan has presented his research and delivered hands-on workshops at conferences such as DEFCON, OWASP Global AppSec and Blackhat.
Stop Firefighting Vulnerabilities, Start Eliminating Bug Classes at Scale: Hands-On
In this hands-on workshop, you'll move beyond traditional vulnerability patching. You won't just learn what the vulnerabilities are - you'll learn how to mitigate them at scale across your organisation.
Participants are given real-world vulnerabilities to tackle. Your challenge: instead of just "fixing" them, you'll work together to eliminate them. With the guidance of the lecturer, you'll explore techniques, including automating security mechanisms and leveraging the most modern web standards (e.g. CSP3, Trusted Types, Sec-Fetch).
By the end of this workshop, you'll walk away with a deep understanding of how to make vulnerability classes obsolete and ensure your systems are resilient to whole categories of attacks.
Whether you’re a developer or a security engineer, this workshop will change how you approach security by focusing on scalability, automation, and proactive safeguards.
XSS is dead - Browser Security Features that Eliminate Bug Classes
Traditional AppSec is broken - patching doesn’t scale, and the same vulnerabilities keep coming back. This talk shows how modern browser security features can eliminate entire bug classes like XSS and CSRF at scale. Learn how to automate, enforce, and shift from reactive fixes to proactive defense.
When Chatbots Go Rogue – Lessons Learned from Building and Defending LLM Applications
From theory to practice: dive into the lessons learned from building and defending an LLM application. This talk offers firsthand insights into the challenges and breakthroughs experienced while developing and securing large language models in real-world settings. We'll explore critical vulnerabilities, innovative defense strategies, and practical tips for enhancing the robustness of AI applications. Join us to gain actionable knowledge that can help you navigate the evolving landscape of AI security with confidence.
The Death of XSS? Browser Security Features that Eliminate Bug Classes
We’re stuck in a cycle of bug bounties, vulnerability reports, and endless patching - yet the same issues keep resurfacing. Even after years of "shifting left", vulnerabilities still reach production, keeping security teams in firefighting mode.
What if we could eliminate entire bug classes instead of fixing them one by one?
This talk explores how modern browser security features can automate and scale protection - without relying solely on developers to remember best practices. Opt-in mechanisms like Content Security Policy v3, Trusted Types, and Sec-Fetch-Metadata offer powerful defenses against XSS, CSRF, clickjacking, and cross-origin attacks.
We'll show how these new, underused browser capabilities - which simply didn’t exist a few years ago - enable secure-by-default architectures. Real-world examples will demonstrate practical integration strategies, automated security headers, secure defaults, and ways to track adoption and impact.
How Latest Browser Security Features Eliminate Bug Classes
Traditional application security is broken. We're stuck in a cycle of bug bounties, vulnerability reports, and endless patching - yet the same issues keep coming back. Despite years of "shifting left," vulnerabilities still regularly slip into production, leaving security teams firefighting instead of implementing meaningful safeguards. What if we could stop fixing vulnerabilities one by one and instead eliminate entire bug classes?
This talk explores how modern browser security features can automate and scale security effectively, allowing developers and security engineers to proactively remove entire classes of vulnerabilities - without relying solely on developers remembering security best practices.
The landscape of browser security standards has dramatically shifted, bringing powerful opt-in mechanisms that didn't exist three years ago, such as Content-Security-Policy v3, Trusted Types, Sec-Fetch-Metadata, and others. We'll examine how these standards can systematically prevent vulnerabilities like XSS, CSRF, clickjacking, and cross-origin attacks, transforming security from a reactive patching cycle into a proactive, scalable defense strategy.
Using real-world case studies, you'll see how leading organisations have leveraged these new browser-native security features to systematically eliminate vulnerabilities at scale. We'll discuss practical ways for teams to integrate these browser protections into their existing programs, automate security headers, enforce secure defaults across large-scale environments, and measure adoption effectively.
If you're a developer or security engineer ready to move beyond endless vulnerability patching and start building applications that are secure by design, this session is for you. Learn how to automate, scale, and ultimately forget entire bug classes by harnessing the latest advances in browser security.
Builders and Breakers: A Collaborative Look at Securing LLM-Integrated Apps
As Large Language Models (LLMs) become an integral part of modern applications, they not only enable new functionalities but also introduce unique security vulnerabilities. In this collaborative talk, we bring together two perspectives: a builder who has experience developing and defending LLM-integrated apps, and a penetration tester who specialises in AI red teaming. Together, we’ll dissect the evolving landscape of AI security.
On the defensive side, we’ll explore strategies like prompt injection prevention, input validation frameworks, and continuous testing to protect AI systems from adversarial attacks. From the offensive perspective, we’ll showcase how techniques like data poisoning and prompt manipulation are used to exploit vulnerabilities, as well as the risks tied to generative misuse that can lead to data leaks or unauthorised actions.
Through live demonstrations and real-world case studies, participants will witness both the attack and defence in action, gaining practical insights into securing AI-driven applications. Whether you’re developing AI apps or testing them for weaknesses, you’ll leave this session equipped with actionable knowledge on the latest methods for protecting LLM systems. This collaborative session offers a comprehensive look into AI security, combining the expertise of two professionals with distinct backgrounds - builder and breaker.
OWASP Global AppSec USA 2025 - CFP (Washington, D.C) Sessionize Event Upcoming
OWASP LASCON 2025 Sessionize Event Upcoming
OWASP AppSec Days Singapore 2025 - CfP Sessionize Event Upcoming
AppSec Village - DEF CON 33 Sessionize Event
OWASP Global AppSec EU 2025 - CFP Sessionize Event
NDC Security 2025 Sessionize Event
AppSec Village - DC32 Sessionize Event