Lecture sessions at SecAppDev 2022
SecAppDev 2022 offers 22 in-depth lectures and 4 one-day workshops, organized in a dual-track program.
SecAppDev lectures are 90 minutes each, allowing our expert faculty members to take a deep-dive into their topics. Throughout the lectures and the course, there is ample time to ask questions or discuss scenarios with our faculty members.
SecAppDev offers in-depth lectures of an exceptional quality
The list below gives a detailed overview of the lectures at SecAppDev 2022. The full schedule will be released soon.
Privacy and ethics in secondary use of sensitive data
Lecture by Griet Verhenneman
Anonymisation versus pseudonymisation, public interest versus commercial interest, opt-in versus opt-out, and the pull versus push approach to transparency. This session explores the limitations, but also provides solutions.
Key takeaway: Transparency, pseudonymisation and, depending on the context, the right to opt-out should be your keys to the (re)use of personal health-related data.
Privacy, safety & ethics Schedule TBD
Everything-as-Code - Ideas for a new world of AppSec
Lecture by Abhay Bhargav
Showcasing techniques, tools and practices that underscore and highlight concepts of security-as-code for application security.
Key takeaway: Understanding decoupled security controls for microservice stacks and various approaches to implement security-as-code.
Security processes Schedule TBD
Fantastic API Vulnerabilities and where to find them
Lecture by Abhay Bhargav
Learn about the unique nature of API compromises, nuanced SSRF attack patterns, webhook boomerang attacks, JWT implementation vulnerabilities, and authorization flaws.
Key takeaway: Web application security and API security are fundamentally different, as illustrated by attacks against webhooks, different types of SSRF attacks, and various access control flaws.
Web and API security Schedule TBD
Trusted Execution and how far you can trust it
Lecture by Jan Tobias Muehlberg
Modern processors provide Trusted Execution Environments that allow you to protect software components even from an untrusted operating system. Learn when and how to use them!
Key takeaway: Learn how and when to rely on technologies such as Intel SGX, and understand what security guarantees these technologies can provide.
IoT and low-level security Schedule TBD
Security of WebAssembly Applications
Lecture by Quentin Stiévenart
WebAssembly enables near-native performance for web applications. We will dive deep into the world of WebAssembly, with a focus on the security concerns that need to be addressed when developing WebAssembly applications.
Key takeaway: Despite WebAssembly having been developed with security in mind, it is important to be aware of the security limitations of this platform.
Web and API security Schedule TBD
Enterprise security architecture and app development
Lecture by Stefaan Van daele
Developing secure code is a good start, but what more could you do from a security point of view? This session puts secure application development in the context of an Enterprise Security Architecture model and illustrates how these two processes interact.
Key takeaway: How Enterprise Security Architecture could help to improve the security posture of the applications developed for your organisation.
Security processes Schedule TBD
Implementing GDPR in software projects
Lecture by Mykyta Petik
This session aims to provide a general overview of how to implement GDPR in the SDLC and ensure compliance with privacy and personal data protection rules.
Key takeaway: Learn about the key GDPR requirements to consider in your software projects, as well as how to involve DPOs and lawyers in the SDLC process.
Privacy, safety & ethics Schedule TBD
Introduction to OAuth 2.0 and OpenID Connect
Lecture by Philippe De Ryck
OAuth 2.0 and OIDC are complex specifications, which often results in confusion and implementation mistakes. In this session, we explore the purpose of these technologies and the current best practices for using them.
Key takeaway: A solid understanding of OAuth 2.0/OIDC best practices and how to effectively use these technologies in your applications.
Identity and access management Schedule TBD
Securing OAuth 2.0 and OpenID Connect in Frontends
Lecture by Philippe De Ryck
Learn why SPAs as OAuth 2.0 clients are inherently insecure, and how moving responsibilities to a lightweight backend with the BFF pattern can offer a solution.
Key takeaway: The best approach to secure a Single Page Application with OAuth 2.0 is by using a Backend-For-Frontend.
Identity and access management Schedule TBD
OAuch - Analyzing the security of OAuth 2.0 implementations
Lecture by Pieter Philippaerts
In this presentation, we introduce a tool to test and analyze the security of OAuth 2.0 authorization servers. We also present a summary of the results of our OAuth ecosystem analysis, and identify some lessons learned.
Key takeaway: Securely implementing and configuring OAuth services is difficult. Follow the OAuth Security Best Current Practices to properly mitigate threats.
Identity and access management Schedule TBD
Level up your threat modeling practice
Lecture by Sebastien Deleersnyder
We pulled together our threat modeling vision and strategy with OWASP best practices to create a 'Threat Modeling Playbook'. It shows you how to turn threat modelling into an established, reliable practice.
Key takeaway: Understand how to build and improve a threat modeling practice to level up your product security.
Security processes Schedule TBD
Cryptocurrencies and blockchains
Lecture by Bart Preneel
This lecture offers a perspective on the building blocks and concepts of blockchain technologies. It will go beyond the hype and look at the underlying technologies and their strengths and weaknesses.
Key takeaway: Cryptocurrencies are here to stay. Blockchain can bring innovation through novel ecosystems and cool cryptography.
Crypto Schedule TBD
New developments in cryptography land
Lecture by Bart Preneel
This lecture discusses developments in cryptography that will impact applications in the next years, such as authenticated encryption, post-quantum cryptography, multi-party computation and (somewhat) fully homomorphic encryption.
Key takeaway: Cryptography keeps changing. More effort is needed on cryptographic algorithm agility and new applications are opening up.
Crypto Schedule TBD
Privacy-Friendly Proximity and Presence Tracing
Lecture by Bart Preneel
During the corona pandemic, privacy-friendly protocols for proximity and presence tracing have been widely deployed in a very short time. Even if these technologies were overhyped, they have delivered valuable contributions.
Key takeaway: Against all odds, it is possible to achieve proximity and presence tracing at a large scale while respecting the privacy requirements of the users.
Crypto Schedule TBD
The OWASP Top Ten 2021-2022 release
Lecture by Jim Manico
The OWASP Top 10 represents a broad consensus about the most critical security risks to web applications. In this session, we explore how developers can mitigate these threats in modern web applications.
Key takeaway: Current best-practice defenses to counter the OWASP Top 10 risks against web applications.
Web and API security Schedule TBD
Request Forgery on the Web - SSRF, CSRF and Clickjacking
Lecture by Jim Manico
The web is full of request forgery attacks, such as CSRF, SSRF, and Clickjacking. In this session, we provide actionable guidance on mitigating these issues in modern applications.
Key takeaway: Learn how to prevent forgery attacks such as CSRF, SSRF, and Clickjacking.
Web and API security Schedule TBD