SecAppDev Studio Day

The SecAppDev Studio Day is a unique event where we record selected lectures from the SecAppDev course in a TED-talk style setup. This professional recording environment includes high-quality audio and video capture, and may feature occasional shots of the audience to enhance the viewing experience.

Each lecture will be followed by a Q&A session, providing attendees the opportunity to interact with the speakers, ask questions, and delve deeper into the topics discussed. This format ensures that both the live audience and future viewers can benefit from the expertise shared during the sessions.

Studio Day Lectures

We have selected the following SecAppDev 2024 lectures to be recorded at the Studio Day.

Secure coding: Back to Basics

Deep-dive lecture by Erlend Oftedal

In this lecture we will look at how we write and how we can influence the security of the code by writing it in a different way. We will look at constructs in the code and borrow a bit from modern Domain Driven Design to help make the code more secure. We will also challenge some of the ways developers typically write software. The lecture should be relevant to both junior and experienced developers.

Erlend Oftedal

Security Researcher, Crosspoint Labs AS

Erlend has worked as a software developer, security architect, penetration tester and code reviewer for 20 years. He has been heading the OWASP Oslo chapter in Norway for over 10 years, and builds and maintains several open source security tools.

Practical cryptography with Tink

Deep-dive lecture by Neil Madden

There are many textbooks and courses to learn the theoretical foundations of cryptography, and particular constructions, but fewer dive into the details of how to translate that into working production code.

In this session we will describe the challenges presented by traditional cryptography libraries, and the security vulnerabilities that can result from misuse. We will then examine modern hard-to-misuse libraries, focusing on Google’s Tink library. Particular attention is paid to key storage and management.

Neil Madden

Founder and CEO, Illuminated Security Ltd

Neil Madden is the founder and CEO of Illuminated Security and the author of API Security in Action. Neil was previously the Security Architect for ForgeRock, and is an active contributor to the OAuth and JOSE Working Groups at the IETF. In 2021, Neil discovered a critical vulnerability in Java's elliptic curve digital signature algorithm (ECDSA), which was dubbed the "cryptography bug of the year" and named as one of the top 10 web hacking techniques of 2022. Neil has a PhD in Computer Science and lives in the Cotswolds, England with his wife and daughter.

Passkeys: the future of user authentication

Advanced lecture by Philippe De Ryck

User authentication has been a mess for ages. Attempts to fix it by adding more authentication factors might work, but they are quite complex. But what if there's a world where we can replace this insecure first factor with a single strong authentication mechanism? That's what passkeys promise to do!

This session will dive head-first into passkeys. We not only explore passkeys from a user's perspective and a developer's perspective, but we also look at the mechanics under the hood. By the end of this session, you will understand how passkeys work and will know how to use them in your applications.

Philippe De Ryck

Security Expert, Pragmatic Web Security

Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide. His online course platform allows anyone to learn complex security topics at their own pace. Philippe is a Google Developer Expert and an Auth0 Ambassador for his community contributions on the security of web applications and APIs.

Security Signals - A framework to scale web security

Introductory lecture by Slawomir Goryczka

Ensuring the security of web applications developed by many different engineers requires a solid understanding of security details and can be quite hard to scale. Thus, a web security team should also own the rollouts of security features. This requires a mindset shift, and high-quality metrics and tools to perform such changes.

In this session, we'll explore Security Signals, a framework for collecting and processing aggregated and de-identified traffic logs across all Google web properties. Using the adoption of strict CSP as an example, we will take a closer look at how all components work.

Slawomir Goryczka

Software Engineer in Security, Google

I'm a software engineer at Google's Information Security Engineering team with academic and industry experience in anonymization, privacy, and web security. At Google, I'm working with professionals from different focus areas to measure coverage, quality, and accuracy of security and privacy mitigations with a strong focus on the web. I'm very excited about data-driven security engineering and research in a scalable and distributed ecosystem.

Studio Day Schedule

Below is the detailed schedule for the SecAppDev Studio Day. The day features four lectures, two coffee breaks, and a catered sandwich lunch. Please note that attendees are expected to attend the entire day.

08:30 - 09:00: Registration and welcome coffee

09:00 - 10:30: Studio Day Lecture

10:30 - 11:00: Coffee break

11:00 - 12:30: Studio Day Lecture

12:30 - 14:00: Sandwich lunch

14:00 - 15:30: Studio Day Lecture

15:30 - 16:00: Coffee break

16:00 - 17:30: Studio Day Lecture

Registration

Registration is available by invitation only. You can sign up using the link you have received in your personal invitation.

Registration for the SecAppDev Studio Day is free of charge. However, hosting this event involves considerable resources, so we appreciate your commitment to attending once you register. If for any reason you are unable to attend, please cancel your registration in advance to allow someone else the opportunity to participate.

By registering, you agree to be part of the recorded audience, which helps us create engaging and dynamic content for future viewers. Your cooperation and enthusiasm are key to making this event a success.

Venue and Practicalities

The event will be held at the Faculty Club, specifically in the side building "Convent van Chièvres," in the "Willem Van Croy" room. Please note that this event is separate from the main SecAppDev course.

Address

Faculty Club
Groot Begijnhof 14
3000 Leuven
Belgium

Vehicle access

The Faculty Club's driveway is situated on the Leuven ring road, just off the E40/E314. Parking facilities are available on site.

Public transport

Leuven is a small town with an extensive bus network. The bus station is attached to the train station. Bus number 600 approaches the site via the ring road. Bus numbers 1 and 2 stop a few hundred meters from the Faculty Club via the city center.

Detailed instructions are available from the Faculty Club website.

Contact

For questions, help, or feedback, you can reach us at philippe@secappdev.org.