The workshops from the list below are the complimentary part of full tickets.

The recordings of most workshops will be shared with full ticket holders after the conference.

Workshops will be run remotely via Zoom.

Bar Hofesh, Oliver Moradov

JS Security Testing Automation for Developers on Every Build

As a developer, you need to deliver fast, and you simply don't have the time to constantly think about security. Still, if something goes wrong it's your job to fix it, but security testing blocks your automation, creates bottlenecks and just delays releases...but it doesn't have to...

NeuraLegion's developer-first Dynamic Application Security Testing (DAST) scanner enables developers to detect, prioritise and remediate security issues EARLY, on every commit, with NO false positives / alerts, without slowing you down.

Join this workshop to learn different ways developers can access Nexploit & start scanning without leaving the terminal!

We will be going through the set up end-to-end, whilst setting up a pipeline, running security tests and looking at the results.

Table of contents
  • - What developer-first DAST (Dynamic Application Security Testing) actually is and how it works
  • - See where and how a modern, accurate dev-first DAST fits in the CI/CD
  • - Integrate NeuraLegion's Nexploit scanner with GitHub Actions
  • - Understand how modern applications, APIs and authentication mechanisms can be tested
  • - Fork a repo, set up a pipeline, run security tests and look at the results

To join in on the fun and to supercharge your security testing, you will need the following:

  • A FREE Nexploit security scanner account - Sign up here, it literally takes minutes, no card details required - SIGN UP
  • A GitHub Account - we'll be forking a repo, running a GitHub actions workflow together and running a security scan!
  • Join our Discord for on-the-go support during the workshop and beyond:
  • Dont forget to also sign up for the Nintendo Switch Giveaway in the Perks section!

Workshop schedule & location

Date & time: November 15, 16:00-18:00 CET. Remote.

Serkan Ozal, Oguzhan Ozdemir, Ilker Sarac

Live e2e test debugging for a distributed serverless application

In this workshop, we will be building a testing environment for a pre-built application, then we will write and automate end-to-end tests for our serverless application. And in the final step, we will demonstrate how easy it is to understand the root cause of an erroneous test by using distributed testing and how to debug it in our CI/CD pipeline with Thundra Foresight.

Table of contents
  • - How to set up and test your cloud infrastructure
  • - How to write and automate end-to-end tests for your serverless workloads
  • - How to debug, trace, and troubleshot test failures with Thundra Foresight in your CI/CD pipelines

The attendees will need to have an AWS Account, Node.js installed in the account. Development familiarity with serverless is beneficial.

Workshop schedule & location

Date & time: November 15, 18:00-21:00 CET. Remote.

Alexander Weekes, Rodrigo Donini

Designing A Sustainable Freelance Career

Would you like to pursue your passions and have more control over your career? Would you like schedule and location flexibility and project variety? Would you like the stability of working full-time and getting paid consistently? Thousands of companies have embraced remote work and realize that they have access to a global talent pool. This is advantageous for anyone who has considered or is currently considering freelance work.

Freelancing is no longer an unstable career choice.

This workshop will help you design a sustainable and profitable full-time (or part-time) freelancing career. We will give you tools, tips, best practices, and help you avoid common pitfalls.

During the Workshop break, we will be running a speed-coding challenge! At the end of the workshop, we will award a prize for the winner and display the leaderboard.

We will have you login to our portal and complete each challenge as fast as you can to earn points. Points are assigned based on difficulty and the speed at which you solve the tasks. In case you complete all tasks, you get extra points for the remaining time. You’ll see your score, ranking, and the leaderboard once you complete the challenge.

We will be giving away Apple’s newest Apple Watch (Series 8) to the winner of the challenge. For second and third place, we will give way a Steam Gift Card.

Table of contents
  • - Module 1: Dispelling common myths about freelancing
  • - Module 2: What does freelancing look like in 2021 and beyond
  • - Module 3: Freelancing choices and what to look for (and what to avoid)
  • - Module 4: Benefits of freelancing from a freelancer + case study
  • - Module 6: How to get started freelancing (experience, resume, preparation)
  • - Module 7: Common paths to full-time freelancing
  • - Module 8: Essentials: setting your rate and getting work
  • - Module 9: Next steps: networking with peers, upskilling, changing the world
  • - Module 10: Freelancer AMA
Workshop schedule & location

Date & time: November 16, 15:00-18:00 CET. Remote.

Zachary Conger

JS Security Testing in GitHub Actions

Software development has changed - Frequent deployments, APIs, GraphQL, Cloud Architecture and CI/CD Automation are the norm. So why is security testing the same way it was a decade ago?

Leading teams are realizing that periodical penetration testing and security audits is not enough when code is being shipped daily. Instead, these teams are using developer-centric tools to run automated security testing in a CI/CD pipeline. Join Zachary Conger as he walks through how to automate application JS security testing using GitHub actions.

Workshop schedule & location

Date & time: November 16, 17:00-19:00 CET. Remote.

Noa Moshe

How to Exploit Real World Vulnerabilities

This workshop will lead you through installing and exploiting a number of intentionally vulnerable applications. The applications will use real world packages with know vulnerabilities, including:

  • Directory traversal
  • Regular expression denial of service (ReDoS)
  • Cross site scripting (XSS)
  • Remote code execution (RCE)
  • Arbitrary file overwrite (Zip Slip)

These exploits exist in a number of applications, most of which you will need to install either locally or on a cloud instance.

You can do this workshop in 2 different flavours:

  • Using the prepared Docker images OR
  • Install everything on your local machine.
Workshop schedule & location

Date & time: November 17, 15:00-17:00 CET. Remote.

Bonnie Schulkin

Automated accessibility testing with jest-axe and Lighthouse CI

Do your automated tests include a11y checks? This workshop will cover how to get started with jest-axe to detect code-based accessibility violations, and Lighthouse CI to validate the accessibility of fully rendered pages. No amount of automated tests can replace manual accessibility testing, but these checks will make sure that your manual testers aren't doing more work than they need to.

Workshop schedule & location

Date & time: November 22, 17:00-20:00 CET. Remote.

Vandana Verma

Learn to defend by learning the hacker mindset

The Application Security Training is a 3 Hour training. This Training is intended for those who are interested in making a career in the Information Security domain. This training involves real world scenarios that every Security Professional must be well versed with. It involves decompiling, real-time analyzing and testing of the applications from a security standpoint.

This training covers understanding the internals of web and mobile web applications, Real-time testing of web applications and android applications and a strategic approach to analyze applications for OWASP Top 10 vulnerabilities (Web) security issues such as Injections, Cross Site Scripting (XSS), CSRF Attacks, Insecure API’s, Insecure logging, Insecure communication, Insufficient cryptography, Insecure authentication and Poor code quality and many more.

Workshop schedule & location

Date & time: November 23, 16:00-19:00 CET. Remote.

Cecelia Martinez

Flaky Test Management with Cypress

This workshop is for Cypress users who want to step up their game against flake in their test suites. Leveraging the Cypress Real World App, we’ll cover the most common causes of flake, code through some examples of how to make tests more flake resistant, and review best practices for detecting and mitigating flake to increase confidence and reliability.

Table of contents
  • - Cypress Real World App Overview
  • - What is Flake?
  • - Causes of Flake
  • - Managing Network-related Flake (Activity)
  • - Managing Dom-relate Flake (Activity)
  • - Flake Detection and Mitigation Best Practices
  • - Q&A

Follow the instructions here to ensure you have the required dependencies on your machine to install Cypress

Follow the instructions here to ensure you can install and run the Cypress Real World App on your machine. Make sure you are pulling down the flake-demo branch for this workshop.

Workshop level


Workshop schedule & location

Date & time: November 24, 18:00-21:00 CET. Remote.

Juarez Barbosa Junior

Static Web Apps demo – CI/CD, Deployment and Test Pipeline on Azure

A real-world demo and a playground for Azure Static Web Apps service.

Workshop schedule & location

Date & time: November 25, 17:00-20:00 CET. Remote.


Bar Hofesh
NeuraLegion, Israel

Bar is the CTO and Co-founder of NeuraLegion and their AppSec testing automation platform Nexploit, enabling developers to detect and remediate security issues early as part of their CICD pipelines. A cyber security veteran with more than a decade of experience acting as a Security Officer, Researcher, Developer and Software Architect, Bar is committed to transforming the way organisations test their apps and APIs, with automation that keeps up with their rapid release cycles.

Oliver Moradov
NeuraLegion, UK

Oli is VP of NeuraLegion's developer focussed security testing platform, helping developers understand how they can run seamless, fast and accurate security tests on every build.

Oli works closely with security and engineering teams globally to help them ship secure software more efficiently and is passionate about automation, CI/CD and DevOps / DevSecOps.

Oli has spoken at many conferences internationally and is a regular at developer and security related events and meetups.

Serkan Ozal
Thundra, Turkey

Co-Founder & CTO at Thundra | AWS Serverless Hero.

Oguzhan Ozdemir
Thundra, Turkey

Solutions Engineer at Thundra.

Ilker Sarac
Thundra, Turkey

Senior Frontend Engineer at Thundra.

Alexander Weekes
Toptal, UK

Alex's skills as a project manager helped integrate athlete management tech into many UK universities such as Birmingham City University. He joined Toptal to add his expertise in agile methodologies and best practice leadership techniques to help complete innovative projects and add value to end users' products. As a PMI member, he is proficient at operating within a varied company structure from SMEs to enterprise organizations.

Rodrigo Donini
Toptal, Spain

Rodrigo is a focused developer who produces digital projects for agencies around the world. He has 20 years of experience using various methodologies and tech in most web and mobile projects. He has a strong knowledge base of the WordPress world and is very engaged with the community: building custom themes, plugins, and core customizations. He specializes in WordPress, developing for the front-end back-end and in managing digital projects.

Zachary Conger
StackHawk, USA

Zachary is a Senior DevOps Engineer at StackHawk. As a startup junkie, he has played many roles including operations, engineering, product development, and leadership. In his current role, he is focused on the evolving CI/CD landscape and how this diverse set of technologies can be used to improve the productivity of software developers, and the quality of the code they produce. Outside of work he enjoys music, photography, cycling, and various pastimes.

Noa Moshe
Snyk, Israel

Associate Solutions Engineer @ Snyk.

Bonnie Schulkin
Teacher, Coder & Testing Enthusiast, USA

In her 18 years in the software industry, Bonnie has discovered that she loves all things testing (how great is it when testing reveals exactly what you need to fix about your refactor or new feature?). She's particularly devoted to Test Driven Development for its emphasis on planning before coding. Bonnie is equally passionate about teaching, and she's pleased as punch to be producing online content full time. She feels weird writing about herself in the third person.

Vandana Verma
Global Board of Directors - OWASP, India

Vandana is Security Solutions Architect at IBM India Software Labs. She is a member of the OWASP Global Board of Directors. She has experience ranging from Application Security to Infrastructure and now dealing with Product Security. She also works in various communities towards diversity initiatives InfosecGirls & WoSec. She has been Keynote speaker / Speaker / Trainer at various public events including Global OWASP AppSec events to BlackHat events to regional events like BSides events in India.

Vandana is a member of the Black Hat Asia Review Board as well as multiple other conferences including Grace Hopper India, OWASP AppSec USA to name a few. She is also one of the organiser of BSides Delhi.

She has been the recipient of multiple prestigious awards like Cyber Security Woman of the Year Award 2020 by Cyber Sec Awards, Application Security Influencer 2020 by Whitesource, Global cybersecurity influencer among IFSEC Global's "Top Influencers inSecurity and Fire" Category for 2019, Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category “Secure Coder”. She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.

Cecelia Martinez
Full Info
Cecelia Martinez, USA

Cecelia Martinez is a Technical Account Manager at in Atlanta, GA, where she spends her days talking to Cypress users about testing strategies, helping them overcome technical challenges, and providing education and training. She is a conference speaker and panelist on the Angular Experience podcast.

She is a graduate of the Full-Stack Software Engineering Program at Georgia Tech. Before transitioning to tech, she worked in journalism and financial services, and obtained a B.A. in Public Communications and an M.B.A. in Marketing. She is a volunteer with Women Who Code Front End and Out in Tech Atlanta.

Juarez Barbosa Junior
Microsoft, Ireland

Juarez Barbosa Junior has +20 years of experience in several IT-related roles throughout his career, currently working for Microsoft as the Azure Developer Engagement Lead in Ireland.

Previously, he's worked for Oracle as a Principal Blockchain Developer Advocate and as Thought Leader and Technical Evangelist in IBM Mobile and IBM Watson.

He's passionate about engaging developers and communities to present and discuss the latest technologies related to Blockchain, IoT, Cloud Native, AI, and other Emerging Technologies, with a particular focus and interest in Microsoft Azure.