
Is it just me – or is 2025 the year of scale?

  • Scaling your security programme with Security Champions.
  • Scaling AppSec through Scorecards.
  • Shifting down, not just left.
  • Shifting to runtime.
  • Reducing noise, prioritising what matters.
  • Eliminating bug classes at scale. Stop Firefighting.
  • Adopting browser security features at scale.
  • Building paved roads – with guardrails along the way.

Maybe it’s just the talks I’ve attended and the articles I’ve read. Maybe it’s just the rabbit hole I went into. Or maybe… we’re all collectively realising the same thing.

I hit a wall. At the end of 2024, I went all-in on automation. I built MVPs, tested capabilities, and made it my mission to influence others to do the same.

Now, halfway through 2025, my mission has become:

-> Building platform security.

-> Providing paved roads.

-> Enabling teams to go faster, safely.


I had created some workshop content for my own organisation, Sage, to make an impact on how we work. And it’s great to see that the proactive material I created for Sage is now going to make an impact outside of Sage.

Stop Firefighting Workshop at Sage

Influenced by the Security Signals paper from the team at Google, I created hands-on workshop content to create a room where engineers and security specialists can not only test out proactive browser security features, but also identify and discuss all the challenges that have to be faced in doing so (large-scale adoption, centralised, modern vs legacy apps, refactoring).

I am super excited to say that I will have the chance to talk about this more this year.


Agenda for Hacker Summer Camp 2025:

Workshop Abstract

Traditional patching has failed to scale – it’s time for a new approach. This hands-on workshop teaches you to eliminate entire bug classes with modern browser security features instead of endlessly reacting to reports. Instead of firefighting the same issues, you’ll learn how Content-Security-Policy v3, Trusted Types, and Sec-Fetch-Metadata go beyond traditional recommendations to prevent vulnerabilities at scale.

You’ll work with a training app that’s already secured, but we’ll go further. By applying advanced browser defenses, testing effectiveness, and enforcing security at scale, you’ll experience firsthand how modern web standards protect both new and legacy systems.

This isn’t just about fixing issues – it’s about scaling security across an organization. We’ll explore measuring adoption across hundreds of services, automating enforcement, and applying defense-in-depth beyond single vulnerabilities.

Through interactive group challenges, you’ll tackle real-world vulnerabilities, enforce modern safeguards, and transform how you approach web security. Whether you’re a developer, security engineer, or architect, you’ll leave with practical tools and a proactive security mindset – moving from patching to prevention.
