Wednesday
Room 1
16:00 - 16:30
(UTC+02)
Talk (30 min)
Teaching your coding agent defensive coding
You've seen the tweets about vibe-coded apps getting hacked over silly mistakes — but what can we actually do about it? AI coding agents are amplifiers: they ship faster, but they also ship insecure code, and asking them to "make it secure" rarely works.
This talk shows a better approach: shift the focus from chasing specific attacks to teaching solid defensive coding principles. We'll build security knowledge directly into the agent — using skills, hooks, and standards — so it looks up the right guidance, plans for it, and reviews its own work. You'll leave knowing how to make your agent produce secure code far more often, by default.
Erlend Oftedal
Erlend has worked as a developer and security consultant for over 20 years, trying to build and break many different types of systems. He spends some of his free time on security research and open source tools, and is the main author behind retire.js - a free and open source scanner for JavaScript. He is also the chapter leader of the Norwegian OWASP chapter.