Singapore AppSec & DevSecOps Summit 2025
Join us in April to strengthen your development process with cutting-edge security practices. Connect with experts, explore automation, secure containers, and gain practical insights through interactive sessions and real-world case studies.

Join us at the AppSec and DevSecOps Summit to fortify your software development lifecycle.
We're bringing together developers, security experts, and industry leaders to seamlessly integrate security into every step of your development process.
Discover best practices for shifting left, automating security, and managing open-source risks. Explore how to improve DevSecOps adoption, secure containers and microservices, and weigh in on the debate: automation vs. manual testing. Engage in interactive sessions, real-world case studies, panel discussions, and debates to stay ahead of the latest trends in application security.
Key Themes:
- Integrating Security into the Software Development Lifecycle
- Shift Left Strategies
- Application Breach Response
- Automating Security Processes
- Managing Open Source Risks
- Improving DevSecOps Adoption
- Container and Microservices Security
- Automation vs. Manual Testing: What Works Best
Who Should Attend?
Developers, DevOps engineers, security professionals, IT leaders, and anyone eager to enhance their understanding of application security and DevSecOps practices.
Don't miss this chance for a day of learning, innovation, and collaboration at the AppSec and DevSecOps Summit.
Program Highlights
Speakers
Sessions
AppSec & DevSecOps Leaders
Track
Our Speakers
Agenda
Arrive before 9:15am to enter the draw to win a $500 Travel Voucher!
External libraries and frameworks fuel modern application development. Equally, dependencies are a known source of security risk and often leave organisations vulnerable to breaches and compliance issues. Existing software composition analysis tools are stuck in the past. They overwhelm developers with false positives, interrupt their workflows, and otherwise make it difficult to keep up with the codeashians. In this talk, Cole Cornford will cover the latest innovations to reduce this toil and get you and your organisation up to date. Or at least to n-1. Key Takeaways include:
- The existing state of SCA and why we need to change
- How reachability and cross-correlation can reduce toil
- Streamlining the patching process and escaping circular dependencies
- Managing transitive risk with virtual patching
- Risks with adopting innovative tech
The risks in open-source AI models mirror those in traditional open-source libraries, including vulnerabilities, malicious code and licensing issues, while also introducing unique challenges when consuming the models. This talk will delve into the complexities of these risks, examining the challenges they pose and the importance of understanding them in today’s AI-driven landscape.
DevSecOps requires harmonising rapid development cycles with stringent security protocols. This panel brings together leaders to discuss best practices and hard lessons learned in achieving that equilibrium.
- Aligning developer, security, and operations goals
- Implementing guardrails without bottlenecks
- Case studies of successful (and unsuccessful) integrations
- Measuring the ROI of secure development
In this innovative session, attendees will be faced with a series of scenarios that they may face in their roles. Attendees will discuss the possible courses of action with their peers to consider the ramifications of each option before logging their own course of action.
Results will be tallied and analysed by our session facilitator and results will impact the way the group moves through the activity.
Will we collectively choose the right course of action?
We hear a lot about signing and attesting for open-source projects, but what if you’re an enterprise keeping your code under wraps? This session cuts through the hype and digs into practical strategies for securing proprietary source code—even if you’re hosting it in a cloud-based version control system. will walkthrough strategies to secure your source code and secrets used in CICD workflows
- Rolling out code signing across your organisation to prevent leaks
- Shielding valuable code assets in cloud-based VCS environments
- Highlighting the reality check on current “granular” secrets management
- Using serverless magic to plug holes and secure your tokens once and for all
This demonstration will highlight the primary areas for application security scanning and testing phases so as to achieve an end-to-end DevSecOps workflow with a 360° view over the entire SDLC.
- Testing anywhere/everywhere using comprehensive testing technologies support
- Deliver a better insight on application posture and risk management
- Escalate the security testing across the organisation to make easier the time to market, and also enhance the security posture to comply with regulations and standards
As threats evolve, so must our defenses—anticipating the next wave of attacks is key to staying secure. This panel looks ahead to emerging vulnerabilities and how the industry can prepare.
- Shifting from reactive to predictive security models
- AI-powered threats and defenses
- The impact of quantum computing on encryption
- Regulatory and compliance pressures shaping security policies
Choose 1 topic to join on the day!
1. Continuous Security Testing
2. Shifting Security Left
3. Starting and Growing Your AppSec Program
4. AI-Driven Threat Detection
Enter our quiz throughout the day to win a $500 Travel Voucher... winners will be drawn after lunch!
Generative AI, data analytics, and cloud-native technologies are revolutionizing secure application engineering. As enterprises modernise their software stacks and shift towards agile, cloud-first models, there's an urgent need to ‘embed security deeply and intelligently’ throughout the development lifecycle. This session demonstrates how AI can serve as a force multiplier in DevSecOps - reducing complexity, accelerating delivery, and enabling continuous compliance across evolving cloud architectures.
- Leverage AI in DevSecOps: How AI and Analytics can proactively identify vulnerabilities, automate security testing, and enhance decision-making across the CI/CD pipeline
- Evolve Engineering Practices: Approaches for designing modern, AI-augmented engineering workflows that support fast iterations while embedding security by design
- Modernise Secure Architectures: Techniques for optimising cloud-native architectures to reduce cost and complexity—without sacrificing security or scalability
- Shift to Product Thinking: Moving from project-based oversight to a product-centric model that drives continuous improvement and sustained security posture
- Accelerate Cloud Transformation Securely: Best practices for aligning AI-enhanced DevSecOps with cloud migration strategies to ensure resilience, compliance, and agility
This session brings together perspectives from engineering, security leadership, and talent acquisition to debate some of the most pressing challenges in delivering AppSec and DevSecOps programs today. From talent pipelines to real-world implementation and risk management, our panel explores what it really takes to secure modern applications in the Singapore context.
- Can Singapore’s security talent market meet the pace of demand—or do we need to rethink how we build and buy capability?
- Is embedding security into development teams actually working—or do we need to recentralise to gain traction and maturity?
- Are automation tools and platforms solving talent shortages—or just shifting the risk to configuration and oversight?
- How do we balance innovation and experimentation with growing expectations around compliance and secure-by-design practices?
- Is the future of AppSec about upskilling existing teams—or attracting a whole new breed of security professionals?
Who Attends?
Chief Technology Officer
Chief Information Security Officer
Head of Application Security
Head of DevSecOps
Head of Cybersecurity
VP Engineering
Product Security Director
DevOps Director
Developer Experience Manager
Release and Environment Manager
Platform Engineering Director
Software Engineering Manager
Cybersecurity Engineering Director
API Security Manager
Testing Manager
Benefits For Attendees






.png)

.png)
Event Location
Concorde Hotel Singapore

FAQs
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique.
Get In Touch
Contact our event team for any enquiry

Danny Perry
For sponsorship opportunities.

Lili Munar
For guest and attendee enquiries.

Ben Turner
For speaking opportunities & content enquiries.

Taylor Stanyon
For event-related enquiries.