Application Security

Now Live: CodeSecCon – Where Software Security’s Next Chapter Unfolds (Virtual Event)

Taking place August 12-13, CodeSecCon is the premier virtual event bringing together developers and cybersecurity professionals to revolutionize the way applications are built, secured, and maintained.

Software is moving faster than ever…and so are the threats chasing it. From AI-powered attacks to hidden risks in the software supply chain, security and development teams are being forced to solve problems they’ve never faced before.

CodeSecCon 2025, taking place today and tomorrow (August 12-13), is where those problems get pulled into the light. Over two days, the free, virtual conference will unite security leaders, engineers, and DevOps pros to tackle today’s most urgent challenges and to explore the breakthroughs that could redefine how we build and protect modern applications.

From Unsolved Problems to Emerging Risks

Even with decades of progress, application security still has unfinished business. Clinton Herget of Snyk will open the conversation on persistent gaps — from inaccurate static testing to the elusive dream of risk-based prioritization — asking whether AppSec is keeping pace with innovation or falling behind.

And while open source fuels innovation, Adam La Morre of Chainguard will expose a lesser-known risk: the mismatch between published packages and their upstream source, a silent supply chain vulnerability that could affect millions of applications.

Rethinking Compliance, Training, and Trust

SBOMs have been hyped, criticized, and regulated. Michael Lieberman of Kusari will move beyond the debate to show how to make them actionable, turning a compliance requirement into a security asset.

Shifting left is one thing, but Boomie Odumade argues that lasting security comes from teaching right. Her session will unpack how relevant, behavior-shaping training can embed security into the developer mindset.

Advertisement. Scroll to continue reading.

And with non-human identities already outnumbering humans in enterprise systems, Dwayne McDaniel of GitGuardian will explore how to secure this fast-growing, easily exploited attack surface.

AI: The Opportunity and the Threat

AI runs through much of this year’s agenda — both as a defensive tool and a new frontier for attackers.

  • Anupam Chansarkar of Amazon will show how LLM hallucinations can create exploitable vulnerabilities, and how cross-verification can help.
  • Nikhil Kassetty will outline a DevSecOps blueprint for embedding AI into applications without exposing new risks.
  • David Burns of BrowserStack will explore the Model Context Protocol (MCP) and the security challenges of AI agents that can act, browse, and automate.

Building Security for Scale

Other sessions dive into scaling security for modern architectures:

  • Hitesh Subnani of Amazon on code-to-cloud visibility for tighter feedback loops.
  • Manas Sharma of Google on ML-driven database defenses that adapt in milliseconds.
  • Vaishnavi Gudur of Microsoft on AI-powered web security that detects and stops threats in real time.

CodeSecCon is a live conversation about where software security is headed, and how we can get there safely. If you’re building, defending, or governing modern applications, this is where you’ll find the strategies, tools, and peers to help you keep up.

📅  August 12–13, 2025
🌐  See the full agenda at codeseccon.com

Related Content

Vulnerabilities

Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software.

Vulnerabilities

The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update.

Artificial Intelligence

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

Vulnerabilities

The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google.

Vulnerabilities

Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device's web management interface.

Artificial Intelligence

The "Rogue Agent" vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same...

Artificial Intelligence

Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication.

Vulnerabilities

Attackers are exploiting the critical Gitea vulnerability CVE-2026-20896 to bypass authentication with a single HTTP header and access vulnerable repositories and secrets.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version