SecAppDev 2023 - Authorization
Machine learning security
OWASP top 10
Supply chain security
Secure Coding with the OWASP Top Ten
One-day workshop by Jim Manico in room West Wing
Friday June 16th, 09:00 - 17:30
The OWASP Top 10 is a standard awareness document for web developers and web application security professionals. It represents a broad consensus about the most critical security risks to web applications. As software developers author code that makes up a web application, they need to embrace and practice various secure coding techniques. This training provides defensive instruction in relation to the OWASP Top Ten to aid developers in authoring secure software.
Learning goal: A thorough understanding of the risks listed in the OWASP top 10, along with best practice secure coding guidelines to mitigate these risks in web applications and APIs
Demystifying Zero Trust
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 14th, 09:00 - 10:30
We discuss the principles of zero trust and explain how it can be implemented. We also discuss how we can build up trust in devices, software and hardware components.
Key takeaway: Understand whether zero trust is useful for your organization or system. Reflect on which products and services you trust and why
Modern security features for web apps
Introductory lecture by Lukas Weichselbaum in room Lemaire
Wednesday June 14th, 14:00 - 15:30
Learn about new web platform security mechanisms available in web browsers that enable developers to protect their web applications from common and new web attacks.
Key takeaway: Learn how to use new web security features such as CSP3, Trusted Types, Fetch Metadata and COOP to prevent classes of prevalent & emerging web attacks
OAuth 2.0 and OpenID Connect architectures
Deep-dive lecture by Philippe De Ryck in room West Wing
Monday June 12th, 16:00 - 17:30
In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.
Key takeaway: Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures
Policy-as-Code: across the tech stack
Deep-dive lecture by Abhay Bhargav in room Lemaire
Tuesday June 13th, 16:00 - 17:30
Discover Policy-as-Code (PaC) for decoupled security across the stack, covering OPA for API gateways, Kyverno for Kubernetes, Tetragon & Tracee for eBPF, and Casbin & Oso for authorization. Learn how to enhance security and compliance with PaC tools.
Key takeaway: Using Open Policy Agent (OPA) for policy management, eBPF for security detection on containerized workloads, and authorization-as-code frameworks for RBAC
Access control unveiled: Challenges & best practices
Deep-dive lecture by Maarten Decat in room West Wing
Tuesday June 13th, 11:00 - 12:30
Having control over who can access what within an organization has become a cornerstone of modern cybersecurity. This session provides a deep dive into the challenges and best practices of both access control and identity and access management.
Key takeaway: Understanding access control & Identity and Access Management (IAM), including challenges & best practices for effective implementation.