SecAppDev 2023 lecture details
Security architecture in a distributed world
This session highlights challenges in securing distributed applications and suggests field-tested solutions to tackle this emerging issue.
Tuesday June 13th, 14:00 - 15:30
Room Lemaire
Abstract
Distributed architectures like microservices present unique challenges to security, especially regarding scalability. This session examines these challenges and explores solutions for both development and runtime phases. We will discuss the roles of Application Gateways, WAFs, and Service Meshes, along with established deployment patterns for client and internal traffic. Additionally, we will consider the various security layers that need attention and the significance of automation in ensuring security scales across hundreds of APIs.
Key takeaway
Understand and address the challenges of securing a distributed application composed of hundreds of microservices.
Content level
Deep-dive
Target audience
Architects, developers, and AppSec professionals
Prerequisites
Basic knowledge of API-based applications
Related lectures
OAuth 2.0 and OpenID Connect architectures
Deep-dive lecture by Philippe De Ryck in room West Wing
Monday June 12th, 16:00 - 17:30
In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.
Key takeaway: Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures
The security model of the web
Introductory lecture by Philippe De Ryck in room Lemaire
Monday June 12th, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications
Demystifying Zero Trust
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 14th, 09:00 - 10:30
We discuss the principles of zero trust and explain how it can be implemented. We also discuss how we can build up trust in devices, software and hardware components.
Key takeaway: Understand whether zero trust is useful for your organization or system. Reflect on which products and services you trust and why