Javan Rasokat
We’re stuck in a cycle of bug bounties, vulnerability reports, and endless patching - yet the same issues keep resurfacing. Even after years of "shifting left", vulnerabilities still reach production, keeping security teams in firefighting mode.
What if we could eliminate entire bug classes instead of fixing them one by one?
This talk explores how modern browser security features can automate and scale protection - without relying solely on developers to remember best practices. Opt-in mechanisms like Content Security Policy v3, Trusted Types, and Fetch Metadata (Sec-Fetch-*) request headers offer powerful defenses against XSS, CSRF, clickjacking, and cross-origin attacks.
We'll show how these new, underused browser capabilities - which simply didn’t exist a few years ago - enable secure-by-default architectures. Real-world examples will demonstrate practical integration strategies, automated security headers, secure defaults, and ways to track adoption and impact.
Javan Rasokat
Senior Application Security Specialist at Sage
Javan works as Senior Application Security Specialist at Sage, helping product teams enhance security throughout the software development lifecycle. On the side, he lectures on Secure Coding at DHBW University in Germany. His journey as an ethical hacker began at a young age, when he automated online games by creating bots and identified security bugs, which he then reported to the game operators. Javan turned his interests into his profession and began as a full stack web and mobile engineer before transitioning into a passionate security consultant. Javan holds a Master’s degree in IT Security Management and several certifications, including GXPN, AIGP, CISSP, CCSP, and CSSLP. He has shared his research at conferences including OWASP Global AppSec, AppSec Village, and HITB.