Lectures at SecAppDev 2024
SecAppDev 2024 offers three days of in-depth lectures and two days of workshops, organized in a dual-track program.
SecAppDev lectures are 90 minutes each, allowing our expert faculty members to take a deep-dive into their topics. Throughout the lectures and the course, there is ample time to ask questions or discuss scenarios with our faculty members.
Check out the program for SecAppDev 2024 below. More sessions will be announced soon!
SecAppDev offers in-depth lectures of an exceptional quality
AppSec is changing
Keynote lecture by Erlend Oftedal in room Lemaire
Wednesday June 5th, 16:00 - 17:15
In this keynote we will look at how appsec has been changing over the last 10 years and discuss what might come in the future.
Key takeaway: Overview of appsec as a field and where it's going
Cryptographic algorithms update
Deep-dive lecture by Bart Preneel in room Lemaire
Monday June 3rd, 11:00 - 12:30
An update on the most important cryptographic algorithms and a status update on the migration towards post-quantum security.
Key takeaway: Which cryptographic algorithms to use for which tasks.
Practical cryptography with Tink
Deep-dive lecture by Neil Madden in room West Wing
Monday June 3rd, 16:00 - 17:30
Learn how to translate cryptography know-how into robust working code that is easy to review. Avoid common implementation pitfalls by learning how to use the modern Tink cryptographic library.
Key takeaway: Learn how to use Tink to implement cryptographic features and protocols in a robust manner.
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR and DPoP, designed for high-security environments.
AI Security: Essentials to Advanced
Introductory lecture by Jim Manico in room Lemaire
Monday June 3rd, 16:00 - 17:30
Unpack AI security: business impacts, ethics, LLM challenges, privacy, and regulations like the EU AI Act. Essential for secure AI deployment.
Key takeaway: Secure and ethical AI deployment requires understanding risks, regulations, and best practices in technology and governance.
Vulnerabilities of Large Language Model Applications
Deep-dive lecture by Vera Rimmer in room West Wing
Wednesday June 5th, 11:00 - 12:30
The session will start with a quick primer on data-driven AI and the key mechanisms behind LLMs. Then we will explore the general threat landscape, including academic attacks and more practical threats (OWASP Top 10 for LLMs).
Key takeaway: LLMs are a vulnerable intermediary between users and information. Increasing autonomy, complexity and integration of AI amplifies all existing risks.
A gentle intro to Ethereum and "smart contracts"
Introductory lecture by Tom Van Cutsem in room West Wing
Wednesday June 5th, 14:00 - 15:30
Ethereum is a programmable blockchain, a "world computer" powering decentralized applications. Find out how the software for this "world computer", the smart contracts, is written using the Solidity language.
Key takeaway: Learn what programmable blockchains like Ethereum are all about, what kinds of applications they enable and what common pitfalls developers face.
Security-centric app development: the itsme® use case
Introductory lecture by Steve Mihy and Eric Bariaux in room Lemaire
Tuesday June 4th, 09:00 - 10:30
In this session, we will look at the history of the itsme® app and highlight how at every step security was at the forefront of the development. From the initial design to adding new features, the focus on security was never lost.
Key takeaway: The itsme® use case demonstrates how to keep security at the core of application development throughout its evolution.
A complete view of application security with OWASP SAMM
Introductory lecture by Aram Hovsepyan in room Lemaire
Tuesday June 4th, 11:00 - 12:30
This session introduces the OWASP SAMM framework and gives you a clear overview of the application security landscape. It will also help you understand how organizations should deal with software security at scale.
Key takeaway: Learn about the full scope of application security, and how activities such as secure design, secure coding, pen testing and DevOps fit into this view.
An open source WAF in a high security setting
Introductory lecture by Christian Folini in room West Wing
Wednesday June 5th, 09:00 - 10:30
An introduction to WAFs: a highly commercial market with a dominant open source offering, the crazy incentives of WAF vendors, the history of online voting in Switzerland, the 2019 disaster, and the ray of hope cast by the WAF.
Key takeaway: Basic understanding of web application firewalls, their use cases and their limits.
Security foundations for modern web applications
Introductory lecture by Philippe De Ryck in room West Wing
Monday June 3rd, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web, and how to build a secure foundation for your web and API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage browser security mechanisms to secure your applications.
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.
Designing “least-authority” JavaScript apps
Deep-dive lecture by Tom Van Cutsem in room West Wing
Monday June 3rd, 14:00 - 15:30
Learn the problems and solutions of combining "trusted" and "untrusted" JavaScript. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Key takeaway: Learn how to get "trusted" and "untrusted" JavaScript to safely co-exist in your app.
Building Secure ReactJS Applications
Deep-dive lecture by Jim Manico in room West Wing
Tuesday June 4th, 09:00 - 10:30
Learn to secure ReactJS apps against XSS, data leaks, and more. Dive into props, dangerouslySetInnerHTML, CSS, JSON, XSS protections, and SSR. Essential for safer development.
Key takeaway: Component dynamics, unescaped props, dangerouslySetInnerHTML, JavaScript URLs, CSS, JSON, XSS defenses, lazy loading, template injection, SSR.
Security Signals - A framework to scale web security
Introductory lecture by Slawomir Goryczka in room West Wing
Tuesday June 4th, 14:00 - 15:30
Learn about Security Signals, a data-driven framework to scale web security, provide insights into security posture, and offer unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Key takeaway: Understand how and why web security infrastructure is built, used, and maintained at scale, and learn about its components and the capabilities it provides.
The Past, Present, and Future of CSRF/CORF
Deep-dive lecture by Philippe De Ryck in room West Wing
Tuesday June 4th, 11:00 - 12:30
Explore the evolution of CSRF and Cross-Origin Request Forgery, their impact on modern API-based applications, and how to effectively use defenses like SameSite cookies and Cross-Origin Resource Sharing.
Key takeaway: Gain a deep understanding of CSRF attacks, the conditions that lead to vulnerability, and how to implement best practice defenses to safeguard your applications.
Secure coding: Back to Basics
Deep-dive lecture by Erlend Oftedal in room West Wing
Tuesday June 4th, 16:00 - 17:30
Learn how to write more secure code by using a set of constructs that make it easier to get things right.
Key takeaway: How we can write more secure code with fewer flaws by changing how we construct the code.
Crypto policy: from CSAM to eIDAS
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 5th, 09:00 - 10:30
This talk presents a summary of 30 years of crypto wars, including the key escrow controversy, client-side scanning, and the EU's digital identity initiatives.
Key takeaway: Technology developments create a growing tension between government mass surveillance and privacy; the resulting debate shifts shapes but continues.