SecAppDev 2025 - Threat modeling
SecAppDev 2025 offers three days of in-depth lectures and two days of hands-on workshops.
LLM Security Bootcamp: Foundations, Threats, and Defensive Techniques
One-day workshop by Thomas Vissers, Tim Van Hamme and Laurens Sion in room Lemaire
Thursday June 5th, 09:00 - 17:30
Large Language Models (LLMs) open up a new realm of possibilities in application development, but they also pose significant challenges. Their non-deterministic nature and broad use cases complicate testing, while unpredictable failures (“hallucinations”) and novel attack vectors (“prompt injections”) add risk.
This workshop covers LLM-based applications, highlights unique threats, and offers hands-on testing and hardening techniques. Attendees will learn to set up and secure basic LLM-driven solutions in their organizations.
Learning goal: Learn how LLM applications work and are architected, the unique security challenges they introduce, and the current best practices in LLM security—along with their limitations.
Threat Modeling for Intimate Partner Abuse
Introductory lecture by Eva Galperin in room Lemaire
Monday June 2nd, 09:15 - 10:30
Most developers don't think of protection against domestic abusers as part of a product's security, and they should.
Key takeaway: The intimate partner abuse threat model is different from other models in important and unexpected ways.
Get out of your Bubble: Collaborative Threat Modeling
Deep-dive lecture by Avi Douglen in room Lemaire
Tuesday June 3rd, 16:00 - 17:30
Threat modeling by yourself is great - no one is there to tell you you're wrong. But if you want to discover nontrivial issues, the ones you'd not have on your checklist, you'll need to engage with others. But too often we chase them away.
Key takeaway: Threat modeling is not JUST a technical activity, and should intentionally leverage social techniques to maximize stakeholder participation.
Continuous Threat Modeling: Let Developers Figure It Out
Deep-dive lecture by Izar Tarandach in room West Wing
Monday June 2nd, 14:00 - 15:30
Also available as a recorded session on Tuesday June 3rd, 09:00 - 10:30
Continuous Threat Modeling for Developers. They're creating the problems, let them create the solution! No, really - enable them to see the security value of the stories they work on, what could go wrong, and what to do about them.
Key takeaway: Threat Modeling should not be a one-shot-and-done activity by security experts. It needs to be continuous, at the developer level.
Continuous Threat Modeling: Let Developers Figure It Out
Deep-dive lecture by Izar Tarandach in room Heilige-Geesttafel
Tuesday June 3rd, 09:00 - 10:30
Also available as a recorded session on Tuesday June 3rd, 09:00 - 10:30
Continuous Threat Modeling for Developers. They're creating the problems, let them create the solution! No, really - enable them to see the security value of the stories they work on, what could go wrong, and what to do about them.