Speaker’s details

Threat modeling isn’t exactly a new concept, but it has recently become a must-have in product design. With cybersecurity threats on the rise and the pressure to deliver faster, security often ends up on the back burner—usually discovered during QA or, worse, after the code is already out the door. At that point, it’s either a headless-chicken chase to fix things or a recipe for disaster.

Developers are the ones who really know how applications are supposed to work, so security needs to be part of the conversation from the start. Yet, for some reason, threat modeling is still seen as a "cybersecurity expert-only" club.

In this talk, I’ll walk through the threat modeling process, highlight key risk concepts, and show how we can all work together to avoid those "oops" moments. Because, honestly, building secure applications is way more fun when we’re all in it together!

Get ready for an epic showdown in the world of API security! In this live demo, we will walk you through real-world API vulnerabilities based on the OWASP Top 10 API Security Risks. The session will feature a hacking “smackdown”, with us playing the roles of attacker and defender, exposing vulnerabilities and securing them in real-time.

After each round, you will be able to recognize and understand these threats in your own work, and learn how to implement robust security controls to make sure these vulnerabilities don’t come to life.

Along the way, you will learn how to build smarter defenses, avoid common pitfalls, and secure your APIs. With a dash of humor and plenty of practical insights, this talk promises to be as entertaining as it is informative, because, after all, securing your APIs doesn’t have to be a fight to the death, just a fun challenge!