SecAppDev 2025 - Secure Coding
SecAppDev 2025 offers three days of in-depth lectures and two days of hands-on workshops. Use the buttons below to navigate between the topics.
AI / ML security
Threat modeling
OWASP top 10
Authorization
Architecture
Secure Coding
Supply chain security
API security
Web security
Governance
Application Security
Hands-on deep-dive into frontend security
One-day workshop by Philippe De Ryck
Friday June 6th, 09:00 - 17:30
Modern web applications rely heavily on frontend code, making browser security mechanisms crucial for protecting users and data. This hands-on workshop takes a deep dive into advanced frontend security for Angular / React / Vue applications.
Participants will explore real-world attack scenarios and implement defenses through guided exercises. Designed for developers and security professionals, this workshop blends academic depth with practical application, equipping attendees with the skills to secure modern frontends effectively.
Learning goal: Understand and apply state-of-the-art security mechanisms to protect modern frontends from real-world threats.
Secure Coding Workshop
One-day workshop by Jim Manico
Friday June 6th, 09:00 - 17:30
This hands-on workshop teaches developers the principles of secure coding, focusing on real-world attack scenarios and defense strategies. Participants will learn to identify and mitigate vulnerabilities such as injection flaws, XSS, authentication weaknesses, and insecure dependencies. Using AI code generators and security tools, attendees will strengthen their ability to write robust, secure applications.
Ideal for developers looking to enhance their security mindset and build software that withstands modern threats.
Learning goal: Attendees will learn to build secure APIs by preventing injection attacks, managing third-party risks, OAuth2 basics, securing React integrations, and handling file uploads safely. They will also explore AI-assisted code generation.
The Bug Bounty Effect: From DevSecOops to Success!
Deep-dive lecture by Emil Vaagland
Discover how bug bounty programs outperforms traditional AppSec tools by uncovering more vulnerabilities at lower cost. We share real-world examples, strategies, and challenging takes on conventional security practices.
Key takeaway: Bug bounty programs are essential and should be the key ingredient in modern AppSec programs.
Using AI to write Secure React.JS code
Deep-dive lecture by Jim Manico
In this talk, we will explore the massive potential of AI in secure code creation. This session will discuss techniques that will aid AI code creation engine to produce higher quality and more secure code.
Key takeaway: Actionable advice on using AI to generate secure code