BSidesLuxembourg 2026

How to Read Code to Find Vulnerabilities
2026-05-06, IFEN room 2, Workshops and AI Security Village (Building D)

The industry needs more security code reviewers. Vulnerabilities are getting deeper, not simpler, and modern applications fail in subtle ways that scanners, and even AI, routinely miss. Meanwhile, developers are writing less code and reviewing more of it than ever (hopefully).

This workshop is a fast, hands-on introduction to reading code with a security mindset. Through real CVE-inspired examples, you’ll see how tiny inconsistencies, misplaced assumptions, and misunderstood framework behaviour turn into real, exploitable flaws.

You’ll learn how to detect red flags quickly, identify dangerous patterns in small snippets, and build intuition for where vulnerabilities hide. Whether you’re a developer, pentester, or security engineer, you’ll walk away with a foundational methodology for performing clear, consistent, and reliable code reviews.


Modern applications break in subtle ways, and many of the most impactful vulnerabilities come from tiny mistakes hidden in plain sight. Scanners won’t catch them. AI won’t catch them. But a trained human eye will.

This workshop teaches you how to read code with the explicit goal of finding vulnerabilities.
Through real, CVE-inspired examples, we’ll explore how small inconsistencies, incorrect assumptions, and misunderstood framework behaviour turn into exploitable bugs.

You’ll practice spotting red flags in small snippets, recognising dangerous patterns, and understanding why certain coding choices reliably lead to security issues. The session is fast-paced and hands-on, designed to build practical intuition you can apply immediately.

Whether you’re a developer, pentester, or AppSec engineer, you’ll leave with a clear, repeatable methodology for reviewing code and uncovering vulnerabilities that tools routinely miss.

Louis Nyffenegger is a renowned application security expert and the founder of PentesterLab, a leading platform for hands-on security training. With extensive experience in penetration testing, code review, and application security, Louis has worked at organizations like the National Bank of Australia, Australia Post, and Fitbit.

He has delivered talks at security conferences, including DEFCON, Kawaiicon, and BSides Canberra, sharing insights on web security, code review techniques, and the intricacies of penetration testing.

As the primary author of PentesterLab’s labs, Louis has designed practical, real-world exercises that help security professionals and developers master vulnerabilities and improve their skills. He also runs AppSecSchool, a YouTube channel dedicated to application security, and writes thought-provoking blog posts to inspire the security community.

Beyond his technical contributions, Louis is passionate about teaching and empowering others to build secure software. He believes in a hands-on approach to security education, emphasising real-world applications and meaningful learning experiences.