Welcome to the Context Engineering for Application Security workshop β a hands-on, friendly introduction to improving the security of AI-generated code using:
- Cursor
- Secure prompting techniques
- Cursor rules
- An MCP server to bring in security scanning
This workshop alternates between short presentations and hands-on exercises.
Each module has its own Markdown file:
00. Prerequisites & Setup
01. Secure Prompting Exercises
02. Using Cursor Rules
03. Using an MCP Server for Dependency Safety
04. Appendix: Troubleshooting
05. Resources
Jenn Gile is a community builder and tech educator, and in both the AppSec and DevOps fields. Currently Head of Community at both Endor Labs and BSides Seattle, she's also worked at NGINX, F5, and the U.S. Department of State. Outside of work, she's deeply involved in the cycling community as a board member for 2nd Cycle.
David Archer is a Solution Architect at Endor Labs. He began his career as a software developer and witnessed significant shifts in how software is built over the last two decades. After spells as a development lead, product director and pre-sales consultancy roles David consistently saw a concerning trend: security often took a backseat amidst the hustle and bustle of development priorities. Seeking to help address this balance David took an opportunity in 2018 to work full-time in the field of application security with a particular focus on technologies that promise to enhance security without impeding development speed. Through his extensive experience with secure coding practises and hands-on experience with the myriad of code analysis tools like IAST, SAST, DAST, RASP and SCA, he gained valuable insights into their relevance and effectiveness in a modern software factory.