Lectures at SecAppDev 2025

In this session, we will overview the general security landscape of AI technologies, including foundational machine learning, deep learning, and large language models.

Key takeaway: Integrating AI inevitably increases the threat landscape of a system. Understanding how AI can be exploited is key to developing effective mitigations

OpenAPI specs are more than docs—they can drive API security. Learn how to use them in spec/code-first workflows to find vulnerabilities, guide audits, and power security tools for testing, attacks, and runtime protection.

Key takeaway: A well-crafted OpenAPI spec can uncover security issues, guide audits, and power tools for testing, making it a key asset in your API security strategy.

Discover how bug bounty programs outperforms traditional AppSec tools by uncovering more vulnerabilities at lower cost. We share real-world examples, strategies, and challenging takes on conventional security practices.

Key takeaway: Bug bounty programs are essential and should be the key ingredient in modern AppSec programs.

We rely on 3rd party libraries which results in security risks. OpenSSF’s Scorecard helps assess package security. This session explores its checks and additional insights to strengthen supply-chain security.

Key takeaway: Understanding how to leverage the OpenSSF Scorecard to review used 3rd party libraries more easily.

Web security is complex and evolving fast, with browsers playing a growing security role. This session explores core techniques to build secure apps and APIs, giving you the foundation to tackle more advanced web security topics.

Key takeaway: Learn how modern browsers approach security and how to build on that foundation to create secure web apps and APIs using proven core techniques.

In this talk, we will explore the massive potential of AI in secure code creation. This session will discuss techniques that will aid AI code creation engine to produce higher quality and more secure code.

Key takeaway: Actionable advice on using AI to generate secure code

In this session we'll dig into WASM, how it works, it's security features and how we can use it to host, extend and secure our applications by running it the WebAssembly System Interface (WASI).

Key takeaway: Understanding WASM, it's security features and how leverage those by integrating it into your application/software.

Using OAuth 2.0 in the frontend increases your attack surface. Learn why BFF is safer and how to defend against real-world token attacks.

Key takeaway: Frontend OAuth 2.0 patterns, even with token protections, leave apps exposed—real security comes from moving sensitive logic to a secure backend.