[germany-chapter] 14.04.2026 18:00 OWASP Stammtisch Stuttgart: How Latest Browser Security Features Eliminate Bug Classes

Sven Strittmatter

Apr 9, 2026, 9:01:15 AM
to Germany chapter
Hello 👋

Nothing planned for 14.04.2026 evening? It's OWASP Stammtisch Stuttgart
again from 18:00 in the
premises of iteratec GmbH (Zettachring 6, 70567 Stuttgart).

Topic: How Latest Browser Security Features Eliminate Bug Classes

Traditional application security is broken. We're stuck in a cycle of
bug bounties, vulnerability reports, and endless patching - yet the same
issues keep coming back. Despite years of "shifting left,"
vulnerabilities still regularly slip into production, leaving security
teams firefighting instead of implementing meaningful safeguards. What
if we could stop fixing vulnerabilities one by one and instead eliminate
entire bug classes?

This talk explores how modern browser security features can automate and
scale security effectively, allowing developers and security engineers
to proactively remove entire classes of vulnerabilities - without
relying solely on developers remembering security best practices.

The landscape of browser security standards has dramatically shifted,
bringing powerful opt-in mechanisms that didn't exist three years ago,
such as Content-Security-Policy v3, Trusted Types, Sec-Fetch-Metadata,
and others. We'll examine how these standards can systematically prevent
vulnerabilities like XSS, CSRF, clickjacking, and cross-origin attacks,
transforming security from a reactive patching cycle into a proactive,
scalable defense strategy.

Using real-world case studies, you'll see how leading organisations have
leveraged these new browser-native security features to systematically
eliminate vulnerabilities at scale. We'll discuss practical ways for
teams to integrate these browser protections into their existing
programs, automate security headers, enforce secure defaults across
large-scale environments, and measure adoption effectively.

If you're a developer or security engineer, ready to move beyond endless
vulnerability patching and start building applications that are secure
by design, this session is for you. Learn how to automate, scale, and
ultimately forget entire bug classes by harnessing the latest advances
in browser security.

Speaker: Javan Rasokat

Javan is an Application Security Architect and Doctoral Security
Researcher focused on how organisations adopt and scale modern security
controls in real engineering ecosystems. At Sage he helps product and
platform teams ship secure cloud software without slowing down,
designing practical AppSec architecture, embedding security into
everyday workflows, and building automation that surfaces issues across
large, distributed systems. His path started in ethical hacking,
automating online games and reporting flaws as a teenager, then moved
through full-stack web and mobile engineering before shifting fully into
product security. That blend of builder and breaker experience shapes
his current work: partnering with engineering and operations teams,
driving secure design decisions, and creating tooling that reduces risk
at scale. Javan holds a Master's degree in IT Security Management and
certifications including GXPN, AIGP, CISSP, CCSP, and CSSLP. Over the
past decade he has presented research and delivered hands-on workshops
at conferences such as DEFCON, Blackhat and OWASP Global AppSec.

Details:
https://www.linkedin.com/events/owaspstuttgartchapterstammtisch7425445519407112192/

CU
--sven
