Friday June 26, 2026 3:30pm - 4:15pm CEST
Drawing on large-scale telemetry from real-world production environments, this talk examines what modern application and supply-chain security actually look like in 2025–2026. The data paints a clear picture: many organizations ship vulnerable dependencies, exposed secrets remain surprisingly common, infrastructure logging is frequently incomplete, and malicious packages can reach production environments.

We’ll connect these observations to recent supply-chain incidents, from SolarWinds to self-replicating npm worms, and explore why vulnerabilities often persist long after disclosure. More importantly, we’ll discuss which security controls measurably reduce risk in practice, and which tend to generate noise without improving outcomes.

This talk focuses on the gap between defensive effort and attacker leverage - where defenders lose time, and where attackers gain scale.
Speakers
Igor Stepansky

Security Researcher, Orca Security

I'm Igor Stepansky, a Security Researcher at Orca Security specializing in the AppSec domain. I bring a strong and diverse background in cybersecurity, with hands-on experience in integrating security solutions such as SAST, IaC scanning, SCA, secrets detection, and malicious package...
Hall K2 (Level -2)
