Workshop Description:

Why Legacy CNAPPs Miss Modern Attacks and How to Detect Them at Runtime 
Modern cloud attacks no longer start with misconfigurations or missing patches. They start inside the application layer, unfold during execution, and bypass security tools that rely on snapshots, signatures, or post-event analysis. 
In this hands-on workshop, we’ll walk through real-world application-layer exploit chains to show why traditional CNAPPs, scanners, and infrastructure-first tools struggle to detect and validate modern threats. Participants will also examine how recent examples such as React2Shell can traverse server-side rendering (SSR) paths, abuse unsafe runtime execution inside Node.js, and escalate into remote code execution and lateral movement — all without tripping conventional controls. 
Unlike a slide-based session, this workshop is designed for practitioners.

Attendees will work directly within a live runtime environment to:

• Observe how application-layer attacks unfold during execution 
• Identify where traditional tools lose visibility 
• Correlate runtime signals across application, container, and cloud layers 
• Validate exploitability and understand true blast radius 
• Prioritize response based on real impact, not theoretical risk 

The goal is to give security and engineering teams a practical framework for detecting, validating, and responding to modern application attacks as they happen — and to understand how runtime visibility changes incident response, noise reduction, and collaboration across teams. 

• Practitioners only 
• Laptops required