SecAppDev 2022 - Full Course Schedule

Below, you can find the full course schedule for SecAppDev 2022. Please note that the schedule might be subject to change until the start of the course.

Monday June 13

08:45 - 08:55
Opening session

Organizational session

Kicking off SecAppDev with a warm welcome, along with a few practicalities for the organization of the course.

Venue: Lemaire

09:00 - 10:30
Introduction to OAuth 2.0 and OpenID Connect

Lecture by Philippe De Ryck

A solid understanding of OAuth 2.0/OIDC best practices and how to effectively use these technologies in your applications.

Identity and access management Venue: Lemaire

Privacy and ethics in secondary use of sensitive data

Lecture by Griet Verhenneman

Transparency, pseudonymisation and, depending on the context, the right to opt-out should be your keys to the (re)use of personal health-related data.

Privacy, safety & ethics Venue: West wing

11:00 - 12:30
Enterprise security architecture and app development

Lecture by Stefaan Van daele

How Enterprise Security Architecture could help to improve the security posture of the applications developed for your organisation.

Security processes Venue: Lemaire

Security of embedded devices - an introduction

Lecture by Lennert Wouters

Physical attackers are a major threat to IoT security, allowing everyone to hack embedded devices

IoT and low-level security Venue: West wing

14:00 - 15:30
Cryptocurrencies and blockchains

Lecture by Bart Preneel

Cryptocurrencies are here to stay. Blockchain can bring innovation through novel ecosystems and cool cryptography.

Crypto Venue: Lemaire

Implementing GDPR in software projects

Lecture by Mykyta Petik

Learn about key GDPR requirements to consider in software projects, as well as how to involve DPOs and lawyers in the SDLC process

Privacy, safety & ethics Venue: West wing

16:00 - 17:30
Privacy-friendly proximity and presence tracing

Lecture by Bart Preneel

Against all odds, it is possible to achieve proximity and presence tracing at a large scale while respecting the privacy requirements of the users.

Privacy, safety & ethics Venue: Lemaire

Securing OAuth 2.0 and OpenID Connect in Frontends

Lecture by Philippe De Ryck

The best approach to secure a Single Page Application with OAuth 2.0 is by using a Backend-For-Frontend

Identity and access management Venue: West wing

Tuesday June 14

09:00 - 10:30
The OWASP Top Ten 2021-2022 release

Lecture by Jim Manico

Current best practice defenses to counter the OWASP top 10 risks against web applications

Web and API security Venue: Lemaire

Trusted Execution and how far you can trust it

Lecture by Jan Tobias Muehlberg

Learn how and when to rely on technologies such as Intel SGX, and understand what security guarantees these technologies can provide.

IoT and low-level security Venue: West wing

11:00 - 12:30
New developments in cryptography land

Lecture by Bart Preneel

Cryptography keeps changing. More effort is needed on cryptographic algorithm agility and new applications are opening up.

Crypto Venue: Lemaire

Everything-as-Code - Ideas for a new world of AppSec

Lecture by Abhay Bhargav

Understanding decoupled security controls for microservice stacks and various approaches to implement security-as-code

Security processes Venue: West wing

14:00 - 15:30
OAuth for security critical applications

Lecture by Dr. Torsten Lodderstedt

OAuth 2 has the necessary features and flexibility to properly protect security-critical APIs while building scalable and performant systems.

Identity and access management Venue: Lemaire

Level up your threat modeling practice

Lecture by Sebastien Deleersnyder

Understand how to build and improve a threat modeling practice to level up your product security.

Security processes Venue: West wing

16:00 - 17:30
The (bright) future of API Security

Lecture by Isabelle Mauny

The inherent risks of exposing APIs and what we can do today and tomorrow to address them.

Web and API security Venue: Lemaire

Wednesday June 15

09:00 - 10:30
Recent developments in OAuth

Lecture by Dr. Torsten Lodderstedt

OAuth 2 has been improved and simplified a lot in recent years.

Identity and access management Venue: Lemaire

Security of WebAssembly applications

Lecture by Quentin Stiévenart

Despite WebAssembly having been developed with security in mind, it is important to be aware of the security limitations of this platform.

Web and API security Venue: West wing

11:00 - 12:30
Web request forgery - SSRF, CSRF and clickjacking

Lecture by Jim Manico

Learn how to prevent forgery attacks such as CSRF, SSRF, and Clickjacking

Web and API security Venue: Lemaire

Analyzing the security of OAuth 2.0 implementations

Lecture by Pieter Philippaerts

Securely implementing and configuring OAuth services is difficult. Follow the OAuth Security Best Current Practices to properly mitigate threats.

Identity and access management Venue: West wing

14:00 - 15:30
Fantastic API Vulnerabilities and where to find them

Lecture by Abhay Bhargav

Web application security and API security are fundamentally different, as illustrated by attacks against webhooks, different types of SSRF attacks, and various access control flaws.

Web and API security Venue: Lemaire

Persona-based security and threat-modeling

Lecture by Deepak Subramanian

What "personas" mean, how to work with them in a security context, and how to apply them, for example in threat modeling

Security processes Venue: West wing

16:00 - 17:15
Solid foundation for a secure future

Lecture by Jaya Baloo

An honest look at the security challenges we are facing in the future

Security processes Venue: Lemaire

17:15 - 17:30
Wrapping up the SecAppDev lectures

Organizational session

Wrapping up the lecture part of SecAppDev with a brief recap and a raffle, followed by our course dinner.

Venue: Lemaire

18:00 - 22:00
Course dinner

Organizational session

A joint course dinner in the wonderful setting of De Hoorn, a historical brewery in Leuven

Venue: De Hoorn

Thursday June 16

09:00 - 17:00
(All day)
Hands-on threat modeling

One-day workshop by Sebastien Deleersnyder

Cover the 4 main steps of creating and updating an effective threat model and use threat modeling as part of the secure design of systems

Security processes Venue: Lemaire

Getting API authorization right

One-day workshop by Philippe De Ryck

An in-depth perspective on common authorization failures and best practices for APIs.

Web and API security Venue: West wing

Friday June 17

09:00 - 17:00
(All day)
Purple team AWS - Discoverer edition

One-day workshop by Abhay Bhargav

Insights into AWS attack, detect and defense techniques and exposure to a combination of traditional and modern stacks in a workshop with intensive hands-on labs

Web and API security Venue: Lemaire

Building secure web applications

One-day workshop by Jim Manico

Best practices for building secure modern web applications

Web and API security Venue: West wing