Lectures at SecAppDev 2024
SecAppDev 2024 offers three days of in-depth lectures and two days of workshops, organized in a dual-track program.
SecAppDev lectures are 90 minutes each, allowing our expert faculty members to take a deep-dive into their topics. Throughout the lectures and the course, there is ample time to ask questions or discuss scenarios with our faculty members.
Check out the program for SecAppDev 2024 below. More sessions will be announced soon!
SecAppDev offers in-depth lectures of an exceptional quality
Grab your seat nowPractical cryptography with Tink
Deep-dive lecture by Neil Madden
Learn how to translate cryptography know-how into robust working code that is easy to review. Avoid common implementation pitfalls by learning how to use the modern Tink cryptographic library.
Key takeaway: Learn how to use Tink to implement cryptographic features and protocols in a robust manner.
AI Security: Essentials to Advanced
Deep-dive lecture by Jim Manico
Unpack AI security: business impacts, ethics, LLM challenges, privacy, and regulations like the EU AI Act. Essential for secure AI deployment.
Key takeaway: Secure and ethical AI deployment requires understanding risks, regulations, and best practices in technology and governance.
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, DPoP, designed for high-security environments
A gentle intro to Ethereum and "smart contracts"
Introductory lecture by Tom Van Cutsem
Ethereum is a programmable blockchain, a "world computer" powering decentralized applications. Find out how software for this "world computer" - smart contracts - are written using the Solidity language.
Key takeaway: Learn what programmable blockchains like Ethereum are all about, what kinds of applications they enable and what common pitfalls developers face.
Security-centric app development: the itsme® use case
Introductory lecture by Steve Mihy
In this session, we will look at the history of the itsme® app and highlight how at every step security was at the forefront of the development. From the initial design to adding new features, the focus on security was never lost.
Key takeaway: The itsme® use case demonstrates how to keep security at the core of application development throughout its evolution.
Security foundations for modern web applications
Introductory lecture by Philippe De Ryck
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore how to build a secure foundation for your web and API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage browser security mechanisms to secure your applications
Introduction to Macaroons
Introductory lecture by Neil Madden
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.
Designing “least-authority” JavaScript apps
Deep-dive lecture by Tom Van Cutsem
Learn the problems and solutions of combining "trusted" and "untrusted" JavaScript. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Key takeaway: Learn how to get "trusted" and "untrusted" JavaScript to safely co-exist in your app.
Building Secure ReactJS Applications
Deep-dive lecture by Jim Manico
Learn to secure ReactJS apps against XSS, data leaks, and more. Dive into props, dangerouslySetInnerHTML, CSS, JSON, XSS protections, and SSR. Essential for safer development.
Key takeaway: Component dynamics, unescaped props, dangerouslySetInnerHTML, JavaScript URLs, CSS, JSON, XSS defenses, lazy loading, template injection, SSR.
Security Signals - A framework to scale web security
Introductory lecture by Slawomir Goryczka
Learn about Security Signals, a data-driven framework to scale web security, provide insights into security stance, and unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Key takeaway: Understand how and why security web infrastructure is built, used, and maintained at scale, also learn its components and capabilities it’s providing.
The Past, Present, and Future of CSRF/CORF
Deep-dive lecture by Philippe De Ryck
Explore the evolution of CSRF and Cross-Origin Request Forgery, their impact on modern API-based applications, and how to effectively use defenses like SameSite cookies and Cross-Origin Resource Sharing.
Key takeaway: Gain a deep understanding of CSRF attacks, the conditions that lead to vulnerability, and how to implement best practice defenses to safeguard your applications.
Crypto policy: from CSAM to eIDAS
Introductory lecture by Bart Preneel
This talk presents a summary of 30 years of crypto wars including the key escrow controversy, client-side scanning, and EU's digital identity initiatives.
Key takeaway: Technology developments create a growing tension between government mass surveillance and privacy; the resulting debate shifts shapes but continues.