SecAppDev 2023 lecture details
Policy-as-Code: across the tech stack
Discover Policy-as-Code (PaC) for decoupled security across the stack, covering OPA for API gateways, Kyverno for Kubernetes, Tetragon & Tracee for eBPF, and Casbin & Oso for authorization. Learn how to enhance security and compliance with PaC tools.
Tuesday June 13th, 16:00 - 17:30
In the last decade, security policies have become increasingly complex and much more dynamic, making it significantly harder to manage them. In this session, we explore Policy-as-Code (PaC) for implementing decoupled security practices across the stack. Key topics include Open Policy Agent (OPA) rules and policies for API gateways, Kyverno for Kubernetes security, Tetragon and Tracee for eBPF, and Casbin and Oso for authorization. Attendees will learn how PaC unifies policy management and enforcement, providing better security, compliance, and risk management while reducing manual intervention.
Using Open Policy Agent (OPA) for policy management, eBPF for security detection on containerized workloads, and authorization-as-code frameworks for RBAC
Security engineers, cloud professionals, AppSec professionals, and DevOps professionals
Knowledge of API security would be preferable, Cloud Native skills are useful, knowledge of containers and Kubernetes is useful
Founder and Chief Research Officer, AppSecEngineer
Expertise: Cutting-edge application security including cloud(-native) security, DevSecOps and threat modeling
The security model of the web
Lecture by Philippe De Ryck in room Lemaire
Monday June 12th, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications
Modern security features for web apps
Lecture by Lukas Weichselbaum in room Lemaire
Wednesday June 14th, 14:00 - 15:30
Learn about new web platform security mechanisms available in web browsers that enable developers to protect their web applications from common and new web attacks.
Key takeaway: Learn how to use new web security features such as CSP3, Trusted Types, Fetch Metadata and COOP to prevent classes of prevalent & emerging web attacks
OAuth 2.0 and OpenID Connect architectures
Lecture by Philippe De Ryck in room West Wing
Monday June 12th, 16:00 - 17:30
In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.
Key takeaway: Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures