SecAppDev 2023 lecture details
Security architecture in a distributed world
This session highlights challenges in securing distributed applications and suggests field-tested solutions to tackle this emerging issue.
Tuesday June 13th, 14:00 - 15:30
Distributed architectures like microservices present unique challenges to security, especially regarding scalability. This session examines these challenges and explores solutions for both development and runtime phases. We will discuss the roles of Application Gateways, WAFs, and Service Meshes, along with established deployment patterns for client and internal traffic. Additionally, we will consider the various security layers that need attention and the significance of automation in ensuring security scales across hundreds of APIs.
Understand and address the challenges of securing a distributed application composed of hundreds of micro-services.
Architects, developers, and AppSec professionals
Basic knowledge of API-based applications
Field CTO, 42Crunch
Expertise: Integration, APIs, API Security
OAuth 2.0 and OpenID Connect architectures
Lecture by Philippe De Ryck in room West Wing
Monday June 12th, 16:00 - 17:30
In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.
Key takeaway: Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures
The security model of the web
Lecture by Philippe De Ryck in room Lemaire
Monday June 12th, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications
Demystifying Zero Trust
Lecture by Bart Preneel in room Lemaire
Wednesday June 14th, 09:00 - 10:30
We discuss the principles of zero trust and explain how it can be implemented. We also discuss how we can build up trust in devices, software and hardware components.
Key takeaway: Understand whether zero trust is useful for your organization or system. Reflect on which products and services you trust and why