SecAppDev 2023 lecture details
Policy-as-Code: across the tech stack
Discover Policy-as-Code (PaC) for decoupled security across the stack, covering OPA for API gateways, Kyverno for Kubernetes, Tetragon & Tracee for eBPF, and Casbin & Oso for authorization. Learn how to enhance security and compliance with PaC tools.
Tuesday June 13th, 16:00 - 17:30
Room Lemaire
Abstract
In the last decade, security policies have become increasingly complex and much more dynamic, making it significantly harder to manage them. In this session, we explore Policy-as-Code (PaC) for implementing decoupled security practices across the stack. Key topics include Open Policy Agent (OPA) rules and policies for API gateways, Kyverno for Kubernetes security, Tetragon and Tracee for eBPF, and Casbin and Oso for authorization. Attendees will learn how PaC unifies policy management and enforcement, providing better security, compliance, and risk management while reducing manual intervention.
Key takeaway
Using Open Policy Agent (OPA) for policy management, eBPF for security detection on containerized workloads, and authorization-as-code frameworks for RBAC
Content level
Deep-dive
Target audience
Security engineers, cloud professionals, AppSec professionals, and DevOps professionals
Prerequisites
Knowledge of API security is preferable; Cloud Native skills are useful; knowledge of containers and Kubernetes is useful
Abhay Bhargav
Founder and Chief Research Officer, AppSecEngineer
Expertise: Cutting-edge application security including cloud(-native) security, DevSecOps and threat modeling
Related lectures
The security model of the web
Introductory lecture by Philippe De Ryck in room Lemaire
Monday June 12th, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web to secure applications. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications
Modern security features for web apps
Introductory lecture by Lukas Weichselbaum in room Lemaire
Wednesday June 14th, 14:00 - 15:30
Learn about new web platform security mechanisms available in web browsers that enable developers to protect their web applications from common and new web attacks.
Key takeaway: Learn how to use new web security features such as CSP3, Trusted Types, Fetch Metadata and COOP to prevent classes of prevalent & emerging web attacks
OAuth 2.0 and OpenID Connect architectures
Deep-dive lecture by Philippe De Ryck in room West Wing
Monday June 12th, 16:00 - 17:30
In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.
Key takeaway: Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures