Important notice about SecAppDev 2020
Due to the current situation with COVID-19 (Corona), with deep regret, we feel bound to postpone SecAppDev 2020 indefinitely. While there have been no official instructions to postpone events such as ours or reduce travel, both attendees and speakers have informed us that they are unable to attend SecAppDev.
We hope everyone in SecAppDev stays healthy, and wish everyone the best for the coming months.
SecAppDev 2020 Lecture Details
Application security seen from an enterprise level
Thursday March 12, 16:00 - 17:30
Developing secure code is a good start, what more could you do to improve security posture? The session puts secure application development in the context of an Enterprise Security Architecture model and how these two relate to each other.
Secure application development often focuses on avoiding vulnerabilities in code. But the security picture also includes the runtime context and the organization managing the application. As a consequence, information security at an enterprise level has more generic requirements, which are typically addressed in an Enterprise Security Architecture.
In this session, we review the importance of the enterprise context. We investigate how architectural building blocks contribute to security. In the end, you will see how architectural application security contributes to the overall security posture.
A secure application could do more to security by taking in account the context and security requirements at enterprise level.
Developers, application development analysts and security architects
SecAppDev is the most immersive application security course you have ever seenBook your seat now
Stefaan Van Daele
Executive Security Architect, IBM Security
Stefaan has 30 years of experience in IT and since 2001 he is a Security Architect at IBM. In that role he has fulfilled several positions at European and global level. As security architect he is constantly looking for ways to implement security by design but also to achieve efficient security operations. In his current role he is assisting organizations with their security transformation projects in the context of Cloud and Devops. He is co-author of the IBM Security Blueprint V3 redbook.
Related security activities sessions
Automated software testing and verification
Lecture by Jan Tobias Muehlberg
Discover a technology stack that allows us to construct distributed software systems with well-defined security guarantees. We will address testing, formal verification, and runtime isolation.
Security activities Thursday March 12, 16:00 - 17:30
Story-driven threat modeling for the Agile-DevOps age
Lecture by Abhay Bhargav
Find that your Threat Modeling is outmoded, outdated and out of touch with your rapid-release app? Learn how you can change that with "story driven threat models" where you are threat modeling with your Agile Sprint and iterative SDLC
Security activities Thursday March 12, 14:00 - 15:30
Persona-based security and threat-modeling
Lecture by Deepak Subramanian
The session will include a presentation about persona-based security leading to persona-based threat modeling. If time permits a small exercise would be held to do a persona-based organizational threat model.
Security activities Tuesday March 10, 16:00 - 17:30