SecAppDev 2025 - Authorization
SecAppDev 2025 offers three days of in-depth lectures and two days of hands-on workshops.
OpenAPI as a security tool, not just documentation
Deep-dive lecture by Philippe De Ryck
OpenAPI specs are more than docs—they can drive API security. Learn how to use them in spec/code-first workflows to find vulnerabilities, guide audits, and power security tools for testing, attacks, and runtime protection.
Key takeaway: A well-crafted OpenAPI spec can uncover security issues, guide audits, and power tools for testing, making it a key asset in your API security strategy.
Breaking and securing OAuth 2.0 in frontends
Deep-dive lecture by Philippe De Ryck
Using OAuth 2.0 in the frontend increases your attack surface. Learn why the Backend-for-Frontend (BFF) pattern is safer and how to defend against real-world token attacks.
Key takeaway: Frontend OAuth 2.0 patterns, even with token protections, leave apps exposed—real security comes from moving sensitive logic to a secure backend.