SecAppDev 2023 lecture details
The unabridged history of application security
This talk traces Application Security from its '60s origins marked by poor practices to today's advancements. We aim to inspire security professionals by highlighting the accelerated pace of positive changes over time.
Wednesday June 14th, 16:00 - 17:15
Room Lemaire
Abstract
In the '60s, Application Security emerged amid widespread issues like plaintext password storage and poor access control. This talk reviews its history, underscoring notable improvements and an escalating pace of positive change. We navigate through Application Security's past to inspire those in the often taxing security industry, who regularly face insecurities and failures. Taking a retrospective approach, we gain a refreshing perspective on our field's progress, serving as an inspiration by revealing the considerable advancements we've made towards superior security.
Key takeaway
Exploring Application Security's history reveals an encouraging trend: continuous, accelerating improvement over time.
Content level
Keynote
Target audience
All SecAppDev participants
Prerequisites
None
Related lectures
The security model of the web
Introductory lecture by Philippe De Ryck in room Lemaire
Monday June 12th, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications
Building a secure Software Development Lifecycle
Introductory lecture by Avi Douglen in room West Wing
Monday June 12th, 11:00 - 12:30
How does an SDLC become a secure SDLC? In this session, we use real-world stories to identify and overcome challenges to integrate security into a development lifecycle. You will learn how to build and implement a high-value AppSec program.
Key takeaway: Learn how to initiate a software security program, manage the program on an ongoing basis, keep it sustainable, and build stakeholder engagement and buy-in
Third-party library security management
Deep-dive lecture by Jim Manico in room West Wing
Wednesday June 14th, 14:00 - 15:30
Managing third-party library dependencies is one of the most difficult challenges in software development and requires significant process and technical discipline. This session offers actionable advice on getting this challenge under control.
Key takeaway: To handle third-party dependencies securely, you need to reduce the number of libraries you use, vet the ones you use, and keep them up to date