SecAppDev 2023 lecture details
Supply chain risks in software development
This session covers supply chain risks in software development, techniques for managing them, and best practices for developers to mitigate risks and ensure secure and reliable software products. Where possible, we use live demos.
Tuesday June 13th, 14:00 - 15:30
Room West Wing
Abstract
In software development, supply chain risks create vulnerabilities like malicious code injection, compromised components, and unauthorized access. These risks can be curtailed through strategies such as supply chain mapping, vendor assessments, code reviews, and patch management. In this session, we dive into utilizing these techniques to bolster security within the Software Development Life Cycle (SDLC). Further, we illuminate how developers can complement these measures with secure coding, dependency management, threat modeling, security awareness training, and security reviews.
Key takeaway
Learn how to reduce supply chain risk by adopting techniques used in the industry today.
Content level
Introductory
Target audience
Technical product managers, software engineers, product owners
Prerequisites
Basic knowledge about the SDLC
Bruno Bossola
Co-founder and CTO, Meterian Ltd
Expertise: Java Champion, experienced coder, agile coach
Related lectures
Fantastic software supply-chain vulnerabilities
Introductory lecture by Abhay Bhargav in room Lemaire
Tuesday June 13th, 09:00 - 10:30
This session dives into software supply-chain vulnerabilities, defense strategies, and risk mitigation. Attendees will gain insights and tools to build resilient supply chains and protect organizations from evolving threats.
Key takeaway: A comprehensive understanding of the current state of software supply-chain vulnerabilities and comprehensive defensive strategies
Third-party library security management
Deep-dive lecture by Jim Manico in room West Wing
Wednesday June 14th, 14:00 - 15:30
Managing third-party library dependencies is one of the most difficult challenges in software development and requires significant process and technical discipline. This session offers actionable advice on getting this challenge under control.
Key takeaway: To handle third-party dependencies securely, you need to reduce the number of libraries you use, vet the ones you use, and keep them up to date
The security model of the web
Introductory lecture by Philippe De Ryck in room Lemaire
Monday June 12th, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications