SecAppDev 2023 Faculty
Avi Douglen
CEO, Bounce Security
Avi Douglen has been building applications for security for decades, and is obsessed with maximizing value from security efforts. He is the founder and CEO of Bounce Security, a boutique consulting agency dedicated to helping developers integrate security efficiently into their workflows. As a frequent speaker and trainer, he has trained thousands of developers to build more secure products. Avi is an active contributor to open source communities, including OWASP and the AppSec Israel conference, is a community moderator on https://Security.StackExchange.com/, and co-authored the Threat Modeling Manifesto.
Building a secure Software Development Lifecycle
Introductory lecture by Avi Douglen in room West Wing
Monday June 12th, 11:00 - 12:30
How does an SDLC become a secure SDLC? In this session, we use real-world stories to identify and overcome challenges to integrate security into a development lifecycle. You will learn how to build and implement a high-value AppSec program.
Key takeaway: Learn how to initiate a software security program, manage the program on an ongoing basis, keep it sustainable, and build stakeholder engagement and buy-in.
Analysis of authentication: deciding on "good enough"
Deep-dive lecture by Avi Douglen in room West Wing
Tuesday June 13th, 09:00 - 10:30
In this session, we start by threat modeling an authentication system. We analyze the risks of secret-based authentication and guide you in building usable password policies. We'll dive into the math, and investigate secure password storage.
Key takeaway: Analyze the security of user authentication, make the right trade-offs, and strengthen the security of password-based authentication.
Building secure systems with threat modeling
One-day workshop by Avi Douglen in room Lemaire
Thursday June 15th, 09:00 - 17:30
Threat Modeling is a structured methodology to efficiently analyze complex systems. This can help you identify weaknesses and prioritize appropriate countermeasures. But to maximize its effect, this must be an ongoing practice, not just a one-time activity, so we also introduce a more lightweight "value driven" approach for security-minded developers.
The threat modeling techniques taught in this workshop will guide you in contributing to your product's security, focusing on security features, and designing a secure product architecture.
Learning goal: How to design a secure product with threat modeling. Share useful models to evoke insight and communicate with others. Inspire and convince others to collaborate on threat modeling in a continuous workflow.