SecAppDev 2023 lecture details
Demystifying Zero Trust
We discuss the principles of zero trust and explain how it can be implemented. We also discuss how we can build up trust in devices, software and hardware components.
Wednesday June 14th, 09:00 - 10:30
Room Lemaire
Abstract
Zero trust takes a different approach to cybersecurity: rather than focusing on perimeters defined by networks or physical premises, one shifts towards protecting users, assets and resources. Rather than implicitly trusting components that are nearby or on the same network, every element is authenticated. This lecture describes how this can be implemented and raises some broader topics related to trusting components in a system.
Key takeaway
Understand whether zero trust is useful for your organization or system. Reflect on which products and services you trust and why.
Content level
Introductory
Target audience
Security architects and software developers
Prerequisites
None
Related lectures
Modern security features for web apps
Introductory lecture by Lukas Weichselbaum in room Lemaire
Wednesday June 14th, 14:00 - 15:30
Learn about new web platform security mechanisms available in web browsers that enable developers to protect their web applications from common and new web attacks.
Key takeaway: Learn how to use new web security features such as CSP3, Trusted Types, Fetch Metadata and COOP to prevent classes of prevalent & emerging web attacks
OAuth 2.0 and OpenID Connect architectures
Deep-dive lecture by Philippe De Ryck in room West Wing
Monday June 12th, 16:00 - 17:30
In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.
Key takeaway: Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures
Access control unveiled: Challenges & best practices
Deep-dive lecture by Maarten Decat in room West Wing
Tuesday June 13th, 11:00 - 12:30
Having control over who can access what within an organization has become a cornerstone of modern cybersecurity. This session provides a deep dive into the challenges and best practices of both access control and identity and access management.
Key takeaway: Understanding access control & Identity and Access Management (IAM), including challenges & best practices for effective implementation.