SecAppDev 2020 Lecture Details

Application security seen from an enterprise level

Stefaan Van Daele
Thursday March 12, 16:00 - 17:30

Short description

Developing secure code is a good start, but what more could you do to improve your security posture? The session puts secure application development in the context of an Enterprise Security Architecture model and shows how the two relate to each other.

Abstract

Secure application development often focuses on avoiding vulnerabilities in code. But the security picture also includes the runtime context and the organization managing the application. As a consequence, information security at an enterprise level has more generic requirements, which are typically addressed in an Enterprise Security Architecture.

In this session, we review the importance of the enterprise context. We investigate how architectural building blocks contribute to security. In the end, you will see how architectural application security contributes to the overall security posture.

Key takeaway

A secure application could do more for security by taking into account the context and security requirements at the enterprise level.

Content level

Deep-dive

Target audience

Developers, application development analysts and security architects

Prerequisites

None


Stefaan Van Daele

Executive Security Architect, IBM Security

Stefaan has 30 years of experience in IT and has been a Security Architect at IBM since 2001. In that role he has held several positions at European and global level. As a security architect he is constantly looking for ways to implement security by design and to achieve efficient security operations. In his current role he assists organizations with their security transformation projects in the context of Cloud and DevOps. He is co-author of the IBM Security Blueprint V3 redbook.


Related security activities sessions

Automated software testing and verification

Lecture by Jan Tobias Muehlberg

Discover a technology stack that allows us to construct distributed software systems with well-defined security guarantees. We will address testing, formal verification, and runtime isolation.

Security activities Thursday March 12, 16:00 - 17:30

Story-driven threat modeling for the Agile-DevOps age

Lecture by Abhay Bhargav

Find that your Threat Modeling is outmoded, outdated and out of touch with your rapid-release app? Learn how you can change that with "story driven threat models", where you are threat modeling with your Agile Sprint and iterative SDLC.

Security activities Thursday March 12, 14:00 - 15:30

From the OWASP Top Ten(s) to the OWASP ASVS

Lecture by Jim Manico

TBD

Security activities Monday March 9, 14:00 - 15:30