All Deep Dives From Owasp. Talks analyzed in full.
Learn the three hidden costs of software composition analysis and how to match SCA tools to your AppSec program maturity.
Learn a proven 7-phase AI red teaming methodology, prompt injection taxonomy, and real enterprise case studies for assessing LLM systems.
Learn how malicious VS Code extensions bypass Microsoft's safeguards to steal credentials and execute code on developer machines — and the only defense that actually works.
Learn to threat-model AI agents for indirect prompt injection: enumerate tools, map AI-specific attack vectors, and automate dynamic testing with TamperMonkey.
Learn how to build specialized AI security bots and apply generative AI across red team, blue team, and purple team workflows using a proven prompt engineering methodology.
Learn to assess AI code generation security risks—from package hallucination to IP liability—and apply governance controls that protect your SDLC.
Learn how Snapchat uncovered three chained, high-impact bug bounty findings—supply chain RCE, Android deep link abuse, and Jupyter XSS-to-RCE—and the program capabilities each forced them to build.
Learn to exploit OWASP ML Top 10 risks hands-on — supply chain attacks, data poisoning, and output integrity bypasses against a real AWS SageMaker infrastructure.
Learn how to apply structured threat modeling to AI/ML systems using the ML SecOps framework, three diagnostic questions, and OWASP AI Exchange controls.
Learn how adversarial ML attacks silently bypass AI security controls and how to apply AI security threat modeling using Project Guardrail's tiered questionnaire framework.
Learn to find WebRTC security vulnerabilities — TURN relay abuse, RTP injection, and signaling DoS — that most web and API pentesters miss entirely.
Learn how a 10-month experiment quantified AST accuracy in application security testing — and why the best automated scanner scored just 36.9% F1.
Learn why server-side HTML sanitization is structurally broken and how client-side tools like DOMPurify eliminate parser differential XSS bypasses.
Learn how GraphQL ID and String scalars enable path traversal-based secondary context attacks in BFF architectures. Two real-world critical exploits and defensive strategies.
