SecAppDev 2024 - Cryptography
SecAppDev 2024 offers three days of in-depth lectures and two days of hands-on workshops. Use the buttons below to navigate between the topics. The full schedule shows all sessions.
AI / ML security
Threat modeling
OWASP top 10
Authentication
Authorization
Architecture
Secure Coding
Supply chain security
API security
Web security
Cryptography
Governance
Application Security
Cryptographic algorithms update
Deep-dive lecture by Bart Preneel in room Lemaire
Monday June 3rd, 14:00 - 15:30
An update on the most important cryptographic algorithms and a status on the migration towards post-quantum security.
Key takeaway: Which cryptographic algorithms to use for which tasks.
Slides available for download
Practical cryptography with Tink
Deep-dive lecture by Neil Madden in room West Wing
Monday June 3rd,
16:00 - 17:30
Also available as a recorded session on
Wednesday June 5th,
11:00 - 12:30
Learn how to translate cryptography know-how into robust working code that is easy to review. Avoid common implementation pitfalls by learning how to use the modern Tink cryptographic library.
Key takeaway: Learn how to use Tink to implement cryptographic features and protocols in a robust manner.
Slides available for download
A gentle intro to Ethereum and "smart contracts"
Introductory lecture by Tom Van Cutsem in room West Wing
Wednesday June 5th, 14:00 - 15:30
Ethereum is a programmable blockchain, a "world computer" powering decentralized applications. Find out how software for this "world computer" - smart contracts - are written using the Solidity language.
Key takeaway: Learn what programmable blockchains like Ethereum are all about, what kinds of applications they enable and what common pitfalls developers face.
Slides available for download
The Quantum threat and Post-Quantum Cryptography (PQC)
Deep-dive lecture by Bart Preneel in room Lemaire
Tuesday June 4th, 14:00 - 15:30
We discuss the status of NIST's PQC competition, IETF standards and national agencies' recommendations. We conclude with performance benchmarks and crypto agility challenges.
Key takeaway: Post-quantum standards are on their way. Implications will be increased complexity and communication and storage overhead. Crypto agility is hard.
Slides available for download
Crypto policy: from CSAM to eIDAS
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 5th, 09:00 - 10:30
This talk presents a summary of 30 years of crypto wars including the key escrow controversy, client-side scanning, and EU's digital identity initiatives.
Key takeaway: Technology developments create a growing tension between government mass surveillance and privacy; the resulting debate shifts shapes but continues.
Slides available for download
Technical approach to Zero Trust Application Access
Introductory lecture by Gijs Van Laer in room Lemaire
Monday June 3rd, 11:00 - 12:30
This session explores Zero Trust Application Access (ZTAA), a security model emphasizing "never trust, always verify". It'll cover the basics of ZTAA and important points for building and deploying applications within this strategy.
Key takeaway: You'll learn how to deploy Zero Trust Application Access (ZTAA) in small and large businesses and how to build applications according to ZTAA.
Slides available for download