One-day workshops at SecAppDev 2022

SecAppDev 2022 offers four one-day workshops, spread out over two days. These workshops are accessible to all full course attendees and you can join the workshops of your preference on the day itself.

We strongly recommend enjoying the full course, but if you prefer to join only the workshops, separate tickets are available. More information about tickets is available on the registration page.

Hands-on threat modeling

Sebastien Deleersnyder

This is a Threat Modeling course for DevOps Engineers to improve reliability and security of delivered software. We will teach an iterative and incremental threat modeling method.

You will perform threat modeling in 4 sprints. Exercises are built upon a fictional system, migrating a legacy system towards a cloud application:

  • Modeling a hotel booking web and mobile application, sharing a REST backend
  • Threat identification as part of migrating the system to AWS
  • AWS threat mitigations for the booking system built on microservices
  • Building an attack library for CI/CD pipelines

Security processes Thursday June 16, 09:00 - 17:00

Getting API authorization right

Philippe De Ryck

Building secure APIs and microservices is hard, really hard. This workshop provides API developers with the necessary knowledge to assess and improve the security of their APIs. This workshop consists of a mixture of lectures, demos, interactive quizzes, and hands-on labs.

In this workshop, we explore common authorization failures in APIs and various defensive strategies, along with their trade-offs and pitfalls. We dive deep into API-specific topics, such as handling JSON Web Tokens (JWTs) and dealing with OAuth 2.0 access tokens. You will walk away with an actionable set of best practices.

Web and API security Thursday June 16, 09:00 - 17:00

Purple team AWS - Discoverer edition

Abhay Bhargav

With companies moving and operating extensively on the AWS Cloud, security remains a key challenge.

This training is an extensive deep-dive into Attack, Detect and Defense implementations within AWS. The training is dedicated to cookbook-style “Attack, Detect and Defence” cyber-ranges.

The aim of this training is to take the participant through a journey of highly practical, scalable and granular knowledge of AWS offense, defense and security automation.

Web and API security Friday June 17, 09:00 - 17:00

Building secure web applications

Jim Manico

This highly intensive and interactive workshop provides essential application security training for every web developer. The class is a combination of lectures, security testing demonstrations, code review, and interactive threat modeling discussions. Students will learn the most common threats against applications. More importantly, students will learn how to code secure software via a variety of techniques such as secure design practices, defense-based coding, the use of security libraries and services, and the use of a variety of web security standards.

Web and API security Friday June 17, 09:00 - 17:00