Javan Rasokat – Security Researcher

Conference Talks

🇩🇪	German OWASP Day 2025 - Düsseldorf	From Startup to Scale: Choosing the Right AppSec Path with Vanessa Sutter Pre-Conference Training: Leveraging Browser Features for Proactive Defense	Video \| Blogpost \| Post
🇺🇸	OWASP Global AppSec Washington DC	How Latest Browser Security Features Eliminate Bug Classes	YouTube \| Post \| Schedule
🇺🇸	LASCON 2025	Builders and Breakers: A Collaborative Look at Securing LLM-Integrated Apps with Rico Komenda	YouTube \| Post
🇩🇪	Aalen University	Ethical Hacking Seminar	Blog \| Slides \| Post \| Schedule
🇩🇪	OWASP Frankfurt	Chapter Meetup #73: Hands-On OWASP Workshop	Post \| Meetup \| Announcement
🇸🇬	AppSec Days Singapore	XSS is dead - Browser Security Features that Eliminate Bug Classes	Post \| Schedule
🇺🇸	DEF CON 33	Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense \| DEF CON 33 Workshop The Death of XSS? Browser Security Features that Eliminate Bug Classes \| AppSec Village Talk	Post \| Workshop
🇺🇸	BSidesLV	XSS is dead – Browser Security Features that Eliminate Bug Classes \| Talk Eliminating Bug Classes at Scale: Leveraging Browser Features for Proactive Defense \| BSidesLV Workshop	YouTube \| Blogpost \| Post
🇪🇸	OWASP Global AppSec EU Barcelona	Builders and Breakers: A Collaborative Look at Securing LLM-Integrated Apps with Rico Komenda	Post \| Post \| Schedule
🇳🇴	NDC Security 2025	Stop Firefighting Vulnerabilities, Start Eliminating Bug Classes at Scale	Post \| Post \| Workshop
🇺🇸	DEF CON 32	When Chatbots Go Rogue – Lessons Learned from Building and Defending LLM Applications with Andra Lezza \| AppSec Village Talk	YouTube \| Blogpost \| Post \| Schedule
🇩🇪	OWASP Frankfurt	Chapter Meetup #63: The Dark Side Of LLMs: Uncovering And Overcoming Of Code Vulnerabilities	Slides \| Blogpost \| Post \| Meetup
🇨🇦	SecTor 2023	The Dark Side Of LLMs: Uncovering And Overcoming Of Code Vulnerabilities	Video \| Slides \| Blogpost \| Schedule
🇳🇵	ThreatCon 2023	The Dark Side Of LLMs: Uncovering And Overcoming Of Code Vulnerabilities	Blogpost \| Post \| Schedule
🇦🇺	BSides Canberra 2023	The Dark Side Of LLMs: Uncovering And Overcoming Of Code Vulnerabilities	Blogpost \| Blogpost \| Schedule
🇦🇺	CyberCon Melbourne 2023	The Dark Side Of LLMs: Uncovering And Overcoming Of Code Vulnerabilities	Post
🇺🇸	OWASP Global AppSec San Francisco 2022	Exploiting race conditions in web applications	Slides \| Blogpost \| Post \| Schedule
🇦🇷	Ekoparty 2022	A race against time - How to exploit race conditions in web apps	YouTube \| Blogpost \| Post
🇸🇬	Hack In The Box (HITB) Singapore 2022	Exploiting Race Condition Vulnerabilities In Web Applications	YouTube \| Slides \| Blogpost \| Post \| Agenda

Professional Trainings

Some of my trainings, not all of them, can be offered in-house or tailored for you. Trainings can be delivered in English or German (🇩🇪), depending on the audience. For inquiries, please reach out at .

Advanced Web Security: Scaling CSP & Cutting-Edge Browser Defences for Bug Class Elimination	Modern web security has shifted. Patching individual vulnerabilities no longer scales, especially across organisations with hundreds of services. This hands-on training teaches you how to eliminate entire bug classes using the newest browser security standards - including several features that have only just been published or are still in development, such as client-side Reporting API and or the new integrity policies (SRI). You’ll work with a pre-secured training app and progressively enforce CSP3 (Content-Security-Policy), Trusted Types, Sec-Fetch-Metadata, COOP/COEP, and other modern defences, test their effectiveness, and learn how to automate adoption at scale. No coding experience is required - everything is provided. The course blends deep technical exercises with architectural guidance for rolling out secure-by-default protections across real environments. You’ll leave with practical, forward-looking expertise that moves your organisation from reactive patching to proactive bug-class elimination, using the most current standards available.	1-Day Training Not available yet - CfT outstanding.
Proactive Security Engineering: Building Secure-by-Design Architectures That Scale	Most engineers can fix vulnerabilities. Far fewer can design systems where entire bug classes simply can’t exist. This two-day, hands-on training teaches how to do exactly that: build secure-by-design architectures that prevent defects rather than chase them. You’ll exploit realistic flaws in enterprise-grade applications, trace them back to architectural roots, and then rebuild the systems using scalable patterns that embed security directly into design and DevSecOps workflows. Each module follows a repeatable cycle: exploit → test → defend → pattern → re-test. Turning isolated fixes into reusable engineering practices. Across access control, input validation, identity, secrets, configuration, browser security, dependency governance, observability, you’ll learn how to replace patching with proactive architecture. All labs and applications are purpose-built for this course, not textbook demos, and attendees receive lifetime access to the full environment.	2-Day Training Not available yet - CfT outstanding.
Think like a hacker, code like a pro: Secure Coding Training	This training provides a comprehensive understanding of the most common and dangerous security vulnerabilities in web applications, using the OWASP Top 10 as a reference. Through a combination of theoretical lectures and practical exercises, participants will learn to identify critical vulnerabilities in web applications, understand how attacks on them work, and how to take necessary measures to fix these vulnerabilities and prevent attacks. The training consists of a mix of theory about current threats and real-world examples, and practical exercises that address and handle these threats. Participants have the opportunity to examine an insecure web application (OWASP Juice Shop) using the methods they have learned and to identify vulnerabilities. Once the vulnerabilities are identified and attacked, the training covers relevant defensive measures to prevent attacks, thus providing a useful catalogue of measures for secure programming. Through practical exercises, participants can directly apply the knowledge they have learned and thereby improve their skills in assessing and enhancing the security of web applications.	2-Day Training Available on request.
Software Quality Engineering - Master's Lecture 🇩🇪	Joint master lecture with Prof. Dr. Katja Wengler about Software Quality Engineering, Secure Software Development Lifecycle and Secure Coding Practices.	Available at: DHBW CAS Heilbronn, Germany
Security Hackathon 🇩🇪	I am lecturing in Software Engineering with a focus on Secure Coding. Using a mix of theory and practice, students learn about commonly exploited vulnerabilities in web applications and learn ways to exploit these, as well as measures to prevent or fix these vulnerabilities through secure software development.	Available at: DHBW Karlsruhe, Germany
ISC2 CISSP / CSSLP / CCSP Training 🇩🇪 🇬🇧	Comprehensive preparation for the Certified Information Systems Security Professional (CISSP), Cloud Certified Security Professional (CCSP) and Certified Secure Software Lifecycle Professional (CSSLP) certifications. ISC2 Authorized Instructor Can be provided in German (🇩🇪) or English (🇬🇧) / in-house / remote / on-site.	Cooperation with: IT-Schulungen.de

Highlights

2025
Recap of Hacker Summer Camp 2025
Las Vegas, USA
Blog: Recap of Hacker Summer Camp 2025
2025
Scaling AppSec in High-Velocity Engineering: My Take
Blog: Scaling AppSec in High-Velocity Engineering: My Take
2025
AI Tools in the Classroom
DHBW, Germany
Blog: AI Tools in the Classroom
2025
Hacking the CAN Bus
Blog: Hacking the LEDA LUC2 Fireplace: Reading CAN Bus Data with ESP32 and ESPHome
since 2024
Authorized Instructor for ISC2
since 2020
Product Security Specialist at Sage
since 2019
Lecturer at DHBW, Germany

Publications

🇩🇪 Wengler, Katja; Rasokat, Javan (2024): Wie können digitale Formate die studierendenzentrierte Lehre unterstützen? In: Hufnagel, Julia; Ternes, Doris; Schnekenburger, Carsten (Hg.): Band 7: Digitale Lehre an der DHBW – The New Normal?, 7: Heilbronn (Schriftenreihe #DUAL), S. 191-202. Online verfügbar unter https://www.zhl.dhbw.de/fileadmin/user_upload/CAS-ZHL/Hochschuldidaktik/Schriftenreihe_DUAL/DHBW_ZHL_Band_7__online.pdf

PDF

@incollection{wengler_rasokat_2024,
  author = {Wengler, Katja and Rasokat, Javan},
  title = {Wie können digitale Formate die studierendenzentrierte Lehre unterstützen?},
  booktitle = {Band 7: Digitale Lehre an der DHBW – The New Normal?},
  editor = {Hufnagel, Julia and Ternes, Doris and Schnekenburger, Carsten},
  series = {Schriftenreihe \#DUAL},
  volume = {7},
  pages = {191--202},
  address = {Heilbronn},
  year = {2024},
  url = {https://www.zhl.dhbw.de/fileadmin/user_upload/CAS-ZHL/Hochschuldidaktik/Schriftenreihe_DUAL/DHBW_ZHL_Band_7__online.pdf}
}

🇩🇪 Rasokat, Javan (2021): Race Conditions in Webanwendungen. Master Thesis, Informatik, Aalen University, 106 pages. Online verfügbar unter https://opus-htw-aalen.bsz-bw.de/frontdoor/deliver/index/docId/1327/file/Rasokat-Race_Conditions_in_Webanwendungen.pdf

PDF

@mastersthesis{rasokat_2021,
  author = {Rasokat, Javan},
  title = {Race Conditions in Webanwendungen},
  school = {Aalen University},
  type = {Master's Thesis},
  address = {Aalen},
  year = {2021},
  pages = {106},
  url = {https://opus-htw-aalen.bsz-bw.de/frontdoor/deliver/index/docId/1327/file/Rasokat-Race_Conditions_in_Webanwendungen.pdf}
}

Qualifications

M.Sc. in IT Security Management (with distinction), Aalen University

B.Sc. in Business Information Systems - Software Engineering, DHBW Karlsruhe

CISSP · CCSP · CSSLP · GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) · CEH (Certified Ethical Hacker) · IAPP AIGP (Artifical Intelligence Governance Professional) · ISC2 Authorized Instructor · ITIL Foundation · AEVO Certificate - Certified trainer and instructor