SecAppDev 2020 - Full Course Schedule

Below, you can find the full course schedule for SecAppDev 2020. Please note that the schedule might be subject to change until the start of the course.


Monday March 9

09:00 - 09:15
Opening session

Organizational session by Philippe De Ryck

Kicking off SecAppDev with a warm welcome, along with a few practicalities for the organization of the course.

Venue: Lemaire

09:15 - 10:30
The GDPR and doing really cool stuff with personal data!

Lecture by Bavo Van den Heuvel

You will learn about the GDPR boundaries and be triggered to start thinking about new privacy-compliant uses of personal data.

Privacy, safety & ethics Venue: Lemaire

11:00 - 12:30
Cryptographic algorithms

Lecture by Bart Preneel

Understanding different types of cryptographic algorithms, and the security properties they provide.

Crypto Venue: Lemaire

Privacy threat modeling using LINDDUN

Lecture by Kim Wuyts

Key privacy issues and how to systematically identify them in a software architecture

Privacy, safety & ethics Venue: West wing

14:00 - 15:30
The never-ending crypto wars

Lecture by Bart Preneel

The crypto war is ongoing, but the focus on encryption may well be a diversion tactic.

Crypto Venue: Lemaire

From the OWASP Top Ten(s) to the OWASP ASVS

Lecture by Jim Manico

The participant will take away a usable strategy to apply the Application Security Verification Standard to their organization's secure development of web and API applications.

Security activities Venue: West wing

16:00 - 17:30
The security model of the web

Lecture by Philippe De Ryck

How to leverage the web's security model to build more secure applications

Web security Venue: Lemaire

Coping with data protection in legacy systems

Lecture by Bavo Van den Heuvel

The compliance pitfalls of legacy systems with data protection laws, along with concrete guidelines for a temporary solution for the issue

Privacy, safety & ethics Venue: West wing

Tuesday March 10

09:00 - 17:30
(All day)
09:00 - 10:30
Public Key Infrastructure (PKI) fundamentals

Lecture by Bart Preneel

Learn what you need to set up and maintain a PKI solution in your organization

Crypto Venue: Lemaire

Paradigms of privacy research and privacy engineering

Lecture by Seda Gürses

Privacy is more than data protection and requires thoughtful design in software systems

Privacy, safety & ethics Venue: West wing

11:00 - 12:30
Making smart choices from the authentication cookbook

Lecture by Philippe De Ryck

The ability to select the proper authentication mechanisms for modern applications.

Identity and access management Venue: Lemaire

Introduction to low-level software security

Lecture by Frank Piessens

The security risks of programming in languages like C/C++ and how to deal with these risks.

Low-level security Venue: West wing

14:00 - 15:30
How Rust helps us make safer and more secure code

Lecture by Jake Goulding

Programming in languages like C or C++ is fraught with peril, but we are no longer restricted by a handful of weak choices; we have better options.

Low-level security Venue: Lemaire

Intro to trust & safety - Identifying abuse vectors

Lecture by Lexi Galantino

Attendees will learn how to identify trust & safety application vulnerabilities so that they can prevent or close them in their applications.

Privacy, safety & ethics Venue: West wing

16:00 - 17:30
Protective optimization technologies

Lecture by Seda Gürses

Machine learning and AI have significant business advantages, but come with harms and risks that require thinking beyond privacy and security.

Privacy, safety & ethics Venue: Lemaire

Persona-based security and threat-modeling

Lecture by Deepak Subramanian

The details of the meaning of "personas", how to work with them in a security context, and how to apply them, for example in threat modeling

Security activities Venue: West wing

Wednesday March 11

09:00 - 17:30
(All day)
09:00 - 10:30
Modern access control policy enforcement

Lecture by Jim Manico

It's well past time to migrate access control policy enforcement points in your code from roles to capabilities.

Identity and access management Venue: Lemaire

Trusted Execution and how far you can trust it

Lecture by Jan Tobias Muehlberg

Learn how and when to rely on technologies such as Intel SGX, and understand what security guarantees these technologies can provide.

Low-level security Venue: West wing

11:00 - 12:30
Cryptography best practices

Lecture by Bart Preneel

Learn how to make informed and secure choices about cryptographic protocols.

Crypto Venue: Lemaire

A practical introduction to OIDC (and OAuth 2.0)

Lecture by Dominick Baier

The purpose and role of OIDC and OAuth 2.0 for securing modern applications

Identity and access management Venue: West wing

14:00 - 15:30
Quantum computers, quantum crypto, and postquantum crypto

Lecture by Bart Preneel

How to prepare for the migration towards post-quantum cryptography.

Crypto Venue: Lemaire

The ultimate guide to Content Security Policy

Lecture by Lukas Weichselbaum

Understand how to use CSP as a robust defense-in-depth mechanism against XSS.

Web security Venue: West wing

16:00 - 17:30
OAuth 2.0 Security Reinforced

Lecture by Dr. Torsten Lodderstedt

Understand the do's and don'ts of OAuth 2.0

Identity and access management Venue: Lemaire

A practical view of security toolchains in DevSecOps

Lecture by Abhay Bhargav

Different DevSecOps pipelines, other than typical Jenkins variant(s), DAST tool integration and security regressions, vulnerability management

DevOps Security Venue: West wing

Thursday March 12

09:00 - 17:30
(All day)
09:00 - 10:30
Securing web apps with modern platform features

Lecture by Lukas Weichselbaum

Understand how to defend your web applications with new web platform features.

Web security Venue: Lemaire

Trust & safety II - Best practices & current topics

Lecture by Lexi Galantino

Trust & safety is an evolving field with active research. Attendees will get a tour of the current state and consider some advanced user stories.

Privacy, safety & ethics Venue: West wing

11:00 - 12:30
OIDC and OAuth 2.0 – Tips from the trenches

Lecture by Dominick Baier

Advice on designing token-based authentication and authorization using OIDC and OAuth 2.0.

Identity and access management Venue: Lemaire

Blueprint for secure JavaScript development

Lecture by Marcin Hoppe

The right approach to JavaScript application development helps prevent vulnerabilities, both in the browser and on the backend.

Web security Venue: West wing

14:00 - 15:30
Advanced OAuth for security-sensitive applications

Lecture by Dr. Torsten Lodderstedt

Understand the patterns and extensions required to build security-sensitive applications with OAuth

Identity and access management Venue: Lemaire

Story-driven threat modeling for the Agile-DevOps age

Lecture by Abhay Bhargav

Practical story-driven threat modeling starting from user stories instead of systems is better suited for an automated DevOps world.

Security activities Venue: West wing

16:00 - 17:30
Application security seen from an enterprise level

Lecture by Stefaan Van Daele

A secure application could do more for security by taking into account the context and security requirements at the enterprise level.

Security activities Venue: Lemaire

Automated software testing and verification

Lecture by Jan Tobias Muehlberg

Understand the interplay of testing, verification, and runtime support to secure software systems.

Security activities Venue: West wing

Friday March 13

09:00 - 10:30
GDPR and research, how to comply?

Lecture by Griet Verhenneman

Transparency and pseudonymisation are of utmost importance when (re)using personal health-related data.

Privacy, safety & ethics Venue: Lemaire

Security of embedded devices - an introduction

Lecture by Lennert Wouters

Gain a basic understanding of the inner workings of an embedded device and how to assess its security.

Low-level security Venue: West wing

11:00 - 12:30
The hitchhikers guide to secrets for cloud environments

Lecture by Abhay Bhargav

How to handle encryption and secrets in Kubernetes environments, on Azure and on AWS.

DevOps Security Venue: Lemaire

Rust - A Language for the Next 40 Years

Lecture by Carol Nichols

Rust is a language attempting to solve several common software mistakes that often lead to security problems.

Low-level security Venue: West wing

14:00 - 15:30
Lessons from the Node.js ecosystem bug bounty

Lecture by Marcin Hoppe

Several case studies of vulnerabilities in popular JavaScript libraries, from discovery, through handling, remediation, all the way to disclosure.

DevOps Security Venue: Lemaire

Trust Management in SCONE

Lecture by Christof Fetzer

Learn how to leverage Trusted Execution Environments (TEEs) to ensure data confidentiality in untrusted cloud environments.

DevOps Security Venue: West wing

16:00 - 17:00
How security affects the people behind the code

Lecture by Philippe De Ryck

As a community, we need to change the way we deal with software security and security incidents

Venue: Lemaire

17:00 - 17:30
Closing session

Organizational session by Philippe De Ryck

Concluding SecAppDev with a brief reflection, as well as the book raffle among the people that completed the evaluation forms.

Venue: Lemaire