SecAppDev 2023 Faculty
Pieter De Cremer
Senior security researcher, Semgrep
Pieter's career started as an intern at Secure Code Warrior where he wrote more than 100 rules for their security tool, Sensei. He was closely involved in the early designs of the tool and after graduating, Pieter decided to pursue a PhD at this company. During his research, Pieter designed, implemented, and evaluated improvements for both training and tools provided by SCW. Currently Pieter works as a Security Researcher at Semgrep, and he frequently presents and hosts workshops at conferences such as BruCON and OWASP BeNeLux.
Secure defaults: developer-friendly security
Deep-dive lecture by Pieter De Cremer and Claudio Merloni in room West Wing
Monday June 12th, 14:00 - 15:30
We will go over the vision for secure defaults, and then discuss how we can improve processes, training and tools to support this approach. The advice in this session is backed by my research.
Key takeaway: Security is no longer just the responsibility of the expert. Security training and tools should be adapted to fit a developer audience.
How to scale software quality and security using the open source tool Semgrep
One-day workshop by Pieter De Cremer and Claudio Merloni in room Lemaire
Friday June 16th, 09:00 - 17:30
The software security industry is shifting left. Traditional security tools have failed to address the challenges of modern engineering teams as they often are too slow, overwhelm users with false positives, and do not provide sufficient remediation help. As a result, they do not ultimately raise a company’s security bar.
In this workshop we will focus on hands-on exercises, supported by research results, to teach participants how to use Semgrep by taking a different approach to security, called paved road or secure defaults.
Learning goal: Why the current approach to software security is not working. How to automate code review to free up your time for higher impact work. Best practices in rolling out continuous code scanning, and how to write custom Semgrep rules.