Roulette of Risk: How Guardrails Beat the Odds in Secure Coding
Ever feel like AppSec is just spinning the wheel and hoping developers hit ‘secure’? In this talk, we break down why traditional approaches like alerts and triage fail, and how smart, opinionated guardrails actually work. Using real-world examples (including a live injection vuln in a popular Python connector), we’ll walk through a repeatable framework to move from bugs → patterns → prevention. You’ll leave with a step-by-step playbook to build guardrails that scale across orgs—and eliminate entire classes of risk before the commit. No YAML shaming. No guilt trips. Just productized security that doesn’t feel like a gamble
[Track 6] Injecting Security Context During Vibe Coding
Vibe coding with AI tools like Cursor is fast, but it quietly bypasses traditional AppSec controls. In this talk, we demo an MCP server that injects security context directly into the AI coding loop. Before code is generated, it pulls threat models, security requirements, and OWASP guidance for your task. After generation, it verifies the output for vulnerabilities and if it meets the security standards
Exploiting MCP Design Flaws: Hijacking the Protocol Itself
The Model Context Protocol (MCP) is quickly becoming the connective tissue between AI agents and the outside world. But its design decisions and assumptions have created 'seamless' AI integration into a dangerous attack surface.
What was built to standardize and simplify agent–tool integrations is now riddled with trust gaps that can be exploited to seize control of entire workflows.
This talk is an offensive tour of MCP’s weak spots. We’ll demonstrate how attackers can:
Poison tool descriptions to hijack an agent’s behavior.
Exploit line-jumping attacks to execute code before a user ever calls a tool.
Abuse shared memory and unvalidated context for stealthy persistence and exfiltration.
Pull off version-drift rug pulls, quietly swapping safe tools for malicious ones.
Through live demos and real attack scenarios, we’ll show how little effort it takes to weaponize MCP’s core features against unsuspecting users. By the end, you’ll see why MCP should be treated less like an integration protocol and more like an attack surface.
AppSec Engineers Are Not Going Extinct—AI is Your New Sidekick
With the rise of AI-powered security tools, there’s growing concern that AI will replace security engineers. But the reality is quite the opposite—AI is lowering the barrier to entry, automating repetitive tasks, and amplifying security teams’ capabilities. Instead of replacing AppSec professionals, AI is becoming their most powerful sidekick, helping them detect, triage, and remediate vulnerabilities faster than ever before.
This session explores how AI is reshaping the daily workflows of security engineers, from automated STRIDE threat modeling to AI-assisted code review and remediation. We will examine real-world case studies of teams that have successfully integrated AI into their security pipelines, increasing productivity while maintaining human oversight and critical decision-making.
We’ll also discuss how AI changes career paths in security, including what new skills AppSec engineers should develop to stay ahead in an AI-powered landscape. Whether you’re a security veteran or new to the field, this talk will provide actionable insights on how to leverage AI rather than fear it—ensuring that AI works for you, not against you.
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top