SecAppDev 2025 - Governance
SecAppDev 2025 offers three days of in-depth lectures and two days of hands-on workshops. Use the buttons below to navigate between the topics.
AI / ML security
Threat modeling
OWASP top 10
Authorization
Architecture
Secure Coding
Supply chain security
API security
Web security
Governance
Application Security
OpenAPI as a security tool, not just documentation
Deep-dive lecture by Philippe De Ryck
OpenAPI specs are more than docs—they can drive API security. Learn how to use them in spec/code-first workflows to find vulnerabilities, guide audits, and power security tools for testing, attacks, and runtime protection.
Key takeaway: A well-crafted OpenAPI spec can uncover security issues, guide audits, and power tools for testing, making it a key asset in your API security strategy.
The Bug Bounty Effect: From DevSecOops to Success!
Deep-dive lecture by Emil Vaagland
Discover how bug bounty programs outperforms traditional AppSec tools by uncovering more vulnerabilities at lower cost. We share real-world examples, strategies, and challenging takes on conventional security practices.
Key takeaway: Bug bounty programs are essential and should be the key ingredient in modern AppSec programs.
Reviewing 3rd party libraries security using Scorecards
Introductory lecture by Niels Tanis
We rely on 3rd party libraries which results in security risks. OpenSSF’s Scorecard helps assess package security. This session explores its checks and additional insights to strengthen supply-chain security.
Key takeaway: Understanding how to leverage the OpenSSF Scorecard to review used 3rd party libraries more easily.