Important notice about SecAppDev 2020

Due to the current situation with COVID-19 (Corona), with deep regret, we feel bound to postpone SecAppDev 2020 indefinitely. While there have been no official instructions to postpone events such as ours or reduce travel, both attendees and speakers have informed us that they are unable to attend SecAppDev.

We hope everyone in SecAppDev stays healthy, and wish everyone the best for the coming months.

SecAppDev 2020 Lecture Details

Application security seen from an enterprise level

Stefaan Van Daele
Thursday March 12, 16:00 - 17:30
Short description

Developing secure code is a good start, what more could you do to improve security posture? The session puts secure application development in the context of an Enterprise Security Architecture model and how these two relate to each other.


Secure application development often focuses on avoiding vulnerabilities in code. But the security picture also includes the runtime context and the organization managing the application. As a consequence, information security at an enterprise level has more generic requirements, which are typically addressed in an Enterprise Security Architecture.

In this session, we review the importance of the enterprise context. We investigate how architectural building blocks contribute to security. In the end, you will see how architectural application security contributes to the overall security posture.

Key takeaway

A secure application could do more to security by taking in account the context and security requirements at enterprise level.

Content level


Target audience

Developers, application development analysts and security architects



SecAppDev is the most immersive application security course you have ever seen

Book your seat now

Stefaan Van Daele

Stefaan Van Daele

Executive Security Architect, IBM Security

Stefaan has 30 years of experience in IT and since 2001 he is a Security Architect at IBM. In that role he has fulfilled several positions at European and global level. As security architect he is constantly looking for ways to implement security by design but also to achieve efficient security operations. In his current role he is assisting organizations with their security transformation projects in the context of Cloud and Devops. He is co-author of the IBM Security Blueprint V3 redbook.

Full speaker profile

Related security activities sessions

Automated software testing and verification

Lecture by Jan Tobias Muehlberg

Discover a technology stack that allows us to construct distributed software systems with well-defined security guarantees. We will address testing, formal verification, and runtime isolation.

Security activities Thursday March 12, 16:00 - 17:30

Story-driven threat modeling for the Agile-DevOps age

Lecture by Abhay Bhargav

Find that your Threat Modeling is outmoded, outdated and out of touch with your rapid-release app? Learn how you can change that with "story driven threat models" where you are threat modeling with your Agile Sprint and iterative SDLC

Security activities Thursday March 12, 14:00 - 15:30

From the OWASP Top Ten(s) to the OWASP ASVS

Lecture by Jim Manico

This talk will describe the importance of the OWASP Application Security Verification Standard and how to use if effectively in your organization or project for secure development.

Security activities Monday March 9, 14:00 - 15:30

Persona-based security and threat-modeling

Lecture by Deepak Subramanian

The session will include a presentation about persona-based security leading to persona-based threat modeling. If time permits a small exercise would be held to do a persona-based organizational threat model.

Security activities Tuesday March 10, 16:00 - 17:30