Liran Tal

Developers have gone full-steam from traditional programming to AI code assistants and vibe coding but where does that leave application security? What are the risks of LLMs introducing insecure code and AI applications manipulated through prompt engineering to bypass security controls?In a series of real-world application hacking demos I’ll demonstrate how developers mistakenly trust LLMs in generative AI code assistants that introduce insecure code and result in vulnerable applications that attackers easily exploit against you. We don’t stop here. We’ll apply adversarial attacks on neural networks in the form of prompt injection payloads to compromise LLMs integrated into AI application workflows and weaponize them for SQL injection and other business logic bypass.Join me in this session where you’ll learn how security vulnerabilities such as path traversal, prototype pollution, sql injection and other AI security risks are impacting LLMs and how to leverage AI security guardrails to secure GenAI code.

React has a great security standard as default, but if you don’t pay close attention to the details you could get burned by some of the escape hatches APIs, or even by just passing props insecurely to components. I’ll teach you how to avoid these pitfalls.

The omnipresence of open-source software and low-barrier of entry on npmjs are serving as a catalyst for supply chain security incidents that are continuously impacting JavaScript developers. What can we do to protect ourselves?

The adoption of open-source software continues to grow and creates significant security concerns for everything from software supply chain attacks in language ecosystem registries to cloud-native application security concerns. In this session, we will explore how developers are targeted as a vehicle for malware distribution, how immensely we depend on open-source maintainers to release timely security fixes, and how the race to the cloud creates new security concerns for developers to cope with, as computing resources turn into infrastructure as code.

Modern frontend frameworks like React are well thought-of in their application security design and that’s great. However, there is still plenty of room for developers to make mistakes and use insecure APIs, vulnerable components, or generally do the wrong thing that turns user input into a Cross-site Scripting vulnerability (XSS). Let me show you how React applications get hacked in the real-world.

Modern frontend frameworks like React are well thought-of in their application security design and that’s great. However, there is still plenty of room for developers to make mistakes and use insecure APIs, vulnerable components, or generally do the wrong thing that turns user input into a Cross-site Scripting vulnerability (XSS). Let me show you how React applications get hacked in the real-world.