Important notice about SecAppDev 2020

Due to the current situation with COVID-19 (Corona), with deep regret, we feel bound to postpone SecAppDev 2020 indefinitely. While there have been no official instructions to postpone events such as ours or reduce travel, both attendees and speakers have informed us that they are unable to attend SecAppDev.

We hope everyone in SecAppDev stays healthy, and wish everyone the best for the coming months.

SecAppDev 2020 Lecture Details

Automated software testing and verification

Jan Tobias Muehlberg
Thursday March 12, 16:00 - 17:30

Short description

Discover a technology stack that allows us to construct distributed software systems with well-defined security guarantees. We will address testing, formal verification, and runtime isolation.

Abstract

Software vulnerabilities occur when a system can be abused in ways not anticipated by the designers, developers, or testers. The conventional approach to finding vulnerabilities resembles the search for a needle in a haystack and testers may miss critical issues. This talk focuses on approaches to automated testing and software analysis. Many tools in this field integrate efficiently with current approaches to secure software development and security testing. We also explore how to integrate a verified component in untrusted computing infrastructure.

Key takeaway

Understand the interplay of testing, verification, and runtime support to secure software systems.

Content level

Introductory

Target audience

Architects, developers, testers, software security and verification engineers

Prerequisites

Development and testing experience.


Jan Tobias Muehlberg

Research Manager, imec-DistriNet, KU Leuven

Jan Tobias Muehlberg works as a research manager at imec-DistriNet, KU Leuven (BE). He is active in the fields of software security, formal verification and validation of software systems, specifically for embedded systems and low-level operating system components. Tobias is particularly interested in security architectures for safety-critical embedded systems and for the Internet of Things.


Related security activities sessions

Story-driven threat modeling for the Agile-DevOps age

Lecture by Abhay Bhargav

Find that your Threat Modeling is outmoded, outdated and out of touch with your rapid-release app? Learn how you can change that with "story-driven threat models", where you are threat modeling with your Agile Sprint and iterative SDLC.

Security activities Thursday March 12, 14:00 - 15:30

Application security seen from an enterprise level

Lecture by Stefaan Van Daele

Developing secure code is a good start, but what more could you do to improve your security posture? The session puts secure application development in the context of an Enterprise Security Architecture model and shows how the two relate to each other.

Security activities Thursday March 12, 16:00 - 17:30

From the OWASP Top Ten(s) to the OWASP ASVS

Lecture by Jim Manico

This talk will describe the importance of the OWASP Application Security Verification Standard and how to use it effectively in your organization or project for secure development.

Security activities Monday March 9, 14:00 - 15:30

Persona-based security and threat-modeling

Lecture by Deepak Subramanian

The session will include a presentation about persona-based security leading to persona-based threat modeling. If time permits, a small exercise will be held to do a persona-based organizational threat model.

Security activities Tuesday March 10, 16:00 - 17:30