Important notice about SecAppDev 2020
Due to the current situation with COVID-19 (Corona), with deep regret, we feel bound to postpone SecAppDev 2020 indefinitely. While there have been no official instructions to postpone events such as ours or reduce travel, both attendees and speakers have informed us that they are unable to attend SecAppDev.
We hope everyone in SecAppDev stays healthy, and wish everyone the best for the coming months.
SecAppDev 2020 Lecture Details
Intro to trust & safety - Identifying abuse vectors
Tuesday March 10, 14:00 - 15:30
Trust & safety is all about how bad actors can exploit application design vulnerabilities to abuse other users. Here, you’ll learn how to identify these vulnerabilities so that you can prevent or close them in your applications.
The field of secure application development tends to focus on how bad actors can exploit code vulnerabilities to abuse the application. In contrast, the field of trust & safety focuses on how bad actors can exploit application design vulnerabilities to abuse other users.
In this session, we’ll tour common types of these trust & safety vulnerabilities, called abuse vectors, and construct guiding principles for identifying them. Then, we’ll look at several example applications and practice spotting these problems.
Attendees will learn how to identify trust & safety application vulnerabilities so that they can prevent or close them in their applications.
This session is intended for anyone who designs, builds, or secures software for users.
Familiarity with one or more social sites, like GitHub, Twitter, Slack, etc. is helpful. Awareness of the problem of online harassment is a plus.
SecAppDev is the most immersive application security course you have ever seenBook your seat now
Software Engineer, Community & Safety team, GitHub
Lexi is a software engineer on GitHub's Community & Safety team, where she builds features to ensure user privacy, trust, and safety on GitHub.com. In addition, she enjoys speaking and teaching about online Trust & Safety, the design and implementation principles that enable positive and trustful interactions between strangers on the internet. Aside from her work, she also enjoys traveling, and spending time with dogs.
Related privacy, safety & ethics sessions
The GDPR and doing really cool stuff with personal data!
Lecture by Bavo Van den Heuvel
The impression that the GDPR prevents innovative uses of personal data is mistaken. In this session, we explore GPDR compliance for interesting use cases, such as biometrics, tracking, intelligent camera's, IoT at home, sensors for behavioral evaluation.
Privacy, safety & ethics Monday March 9, 09:15 - 10:30
Trust & safety II - Best practices & current topics
Lecture by Lexi Galantino
Following “Intro to trust & safety”, this session will concern more advanced trust & safety design problems. We’ll also look at the current edge of research and recent product experiments and discuss their implications.
Privacy, safety & ethics Thursday March 12, 09:00 - 10:30
Paradigms of privacy research and privacy engineering
Lecture by Seda Gürses
Privacy and data protection are not the same thing. How do they differ and what does it mean in terms of technical designs? This talk will present a broad overview of theories of privacy and their translation into privacy designs and engineering practice.
Privacy, safety & ethics Tuesday March 10, 09:00 - 10:30
Protective optimization technologies
Lecture by Seda Gürses
Businesses nowadays can design systems for "ideal" interactions and environments by optimizing systems using machine learning and AI. However, these strategies have costs and associated risks. We will talk about these risks and costs, and introduce Protective Optimization Technologies as a way to flag or mitigate them.
Privacy, safety & ethics Tuesday March 10, 16:00 - 17:30