Skip to main content
    CONTACT

    This site is protected by hCaptcha and the hCaptcha Privacy Policy and Terms of Service apply.
    Harnessing LLMs for Application Security - Seth Law & Ken Johnson - DCSG2026
    Harnessing LLMs for Application Security - Seth Law & Ken Johnson - DCSG2026
    Harnessing LLMs for Application Security - Seth Law & Ken Johnson - DCSG2026
    Harnessing LLMs for Application Security - Seth Law & Ken Johnson - DCSG2026
    Harnessing LLMs for Application Security - Seth Law & Ken Johnson - DCSG2026
    Harnessing LLMs for Application Security - Seth Law & Ken Johnson - DCSG2026

    Harnessing LLMs for Application Security - Seth Law & Ken Johnson - DCSG2026

    Singapore 2026

    Name of Training: Harnessing LLMs for Application Security
    Trainer(s)Seth Law and Ken Johnson
    Dates: April 26-27, 2026
    Time: TBD
    Venue: Marina Bay Sands
    Early Bird Cost (GST included): $2,558 USD / equivalent to $3,300 SGD / Proficiency Exam Add-on $450 SGD

    Early bird price valid until February 8, 2026.

    Short Summary:

    This comprehensive course is designed for developers and cybersecurity professionals seeking to harness the power of Generative AI and Large Language Models (LLMs) to enhance software security and development practices. You will gain an understanding of how LLMs work, their strengths and weaknesses, and how to craft effective prompts for different use cases. The course covers key topics such as embeddings, vector stores, and Langchain, providing insights into document loading, code analysis, and custom tool creation using Agent Executors. 

    Through hands-on exercises, you’ll learn to implement AI-driven techniques like building Agents and Sub-Agents, using Retrieval-Augmented Generation (RAG) and Few-Shot Prompting for secure code analysis, dynamic testing, threat modeling, and more. By the end of the course, you’ll be equipped with the skills (and code) to integrate AI into your security tasks, enhancing your ability to identify vulnerabilities and improve overall application security.

    Course Description:

    This course offers a deep dive into the intersection of Generative AI, Large Language Models (LLMs), and secure software development. Tailored for developers, cybersecurity professionals, and AI enthusiasts, the program begins with an overview of Gen AI concepts, focusing on how LLMs function, their strengths and weaknesses, and the importance of effective orchestration. Participants will explore various prompt types—user, system, and AI—and delve into advanced techniques like Agentic orchestration, Few-Shot Prompting, evaluation, and orchestration techniques which enable LLMs to perform complex tasks with minimal examples. 

    The course introduces embeddings and vector stores, essential for managing and retrieving relevant data efficiently. Participants will learn how to leverage these tools for similarity searches, chaining, and more. The exploration of different LLM types, including open-source and commercial options, provides a comprehensive understanding of the AI landscape, with hands-on experience using platforms like HuggingFace, Langchain, and others. 

    Langchain is examined in detail, highlighting its role in streamlining AI integration into development workflows. Students will gain practical knowledge of document loaders, text splitting, storage and retrieval mechanisms, and prompt building. Through exercises, they'll apply these concepts, such as loading a PDF to answer questions using vector stores and chaining. 

    The course also covers various application security tasks, including source code analysis and dynamic testing. Emphasis is placed on the use of AI to identify critical aspects of application security, such as security libraries and application structure. Participants will engage in exercises that involve loading code into a vector store, employing RAG, and Few-Shot Prompting to analyze the code's purpose and security implications. Advanced topics include building custom tools with Agent Executors for compositional and behavioral analysis, as well as vulnerability identification. Through practical exercises, students will develop custom reasoning flows to enable LLMs to assess authorization issues within code. 

    By the end of this course, participants will be equipped with the skills and knowledge to integrate AI-driven techniques into their software development and security practices, enhancing their ability to identify vulnerabilities, streamline workflows, and improve overall application security. 

    Course Outline: 

    • Introductions 
    • Overview 
    • Gen AI Concepts 
    • Langchain 
    • Prompt Engineering 
    • Context (aka Threat Modeling) 
    • Embeddings & Vector Stores 
    • Exploring LLMs 
    • Chatbot/AppSec Assistant 
    • Source Code Analysis 
    • Dynamic Testing 
    • Agent Executors & Custom Tools 
    • Model Context Protocol  

    Difficulty Level:

    Intermediate - The student has education and some experience in the field and familiarity with the topic being presented. The student has foundational knowledge that the course will leverage to provide practical skills on the topic.

    Suggested Prerequisites:

    Ability to understand, modify, and troubleshoot python with some support. You do not need to be a full-time developer, but understanding the basics of python is a must for examples and exercises. 

    What Students Should Bring: 

    Laptop with ability to install and run code. Bring a system where you have the ability to install software or run administrative tools. MacOS/Linux preferred, Windows is supported but may cause issues if a student does not have administrative privileges. 

    What the Trainer Will Provide:

    Digital material to support the course. Further support is available via Slack. 

    Trainer(s) Bio:

    Seth Law is an experienced Application Security Professional with over 15 years of experience in the computer security industry. During this time, Seth has worked within multiple disciplines in the security field, from software development to network protection, both as a manager and individual contributor. Seth has honed his application security skills using offensive and defensive techniques, including tool development. Seth is the founder and principal of Redpoint Security, hosts the Absolute AppSec podcast with Ken Johnson, and is a regular speaker at developer meetups and security events, including Blackhat, Defcon, CactusCon, and other regional conferences. 

    Ken Johnson has been hacking web applications professionally for 14 years and given security training for 11 of those years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, DevOpsDays DC, LASCON, RubyNation, and numerous Ruby, OWASP, and AWS events about appsec, devops security, and AWS security. Ken's current passion project is the Absolute AppSec podcast with Seth Law. 

    Proficiency Exam Option:

    This course has the option for a proficiency certificate add-on. To earn the proficiency certificate, a student must actively participate during the course and demonstrate the ability to use LLMs to solve common application security processes during the final exercise. This will require code submission and review by the instructor(s) that meets the above requirements and can be run without error by instructors.

    Please reach out to training@defcon.org for any questions related to the proficiency exam and certificate option.

    Registration Terms and Conditions: 

    Trainings are refundable before March 27, 2026, minus a non-refundable processing fee of $250.

    Between March 27, 2026 and April 21, 2026 partial refunds will be granted, equal to 50% of the course fee minus a processing fee of $250.

    All trainings are non-refundable after April 21, 2026.

    Training tickets may be transferred to another student. Please email us at training@defcon.org for specifics.

    If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

    Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

    DEF CON Training may share student contact information, including names and emails, with the course instructor(s) to facilitate sharing of pre-work and course instructions. Instructors are required to safeguard this information and provide appropriate protection so that it is kept private. Instructors may not use student information outside the delivery of this course without the permission of the student.

    By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

    Several breaks will be included throughout the day. Please note that food is not included.

    All courses come with a certificate of completion, contingent upon attendance at all course sessions. Some courses offer an option to upgrade to a certificate of proficiency, which requires an additional purchase and sufficient performance on an end-of-course evaluation.

     

    $2,558.00