SecAppDev 2025 workshop details
No Size Fits All: Customized Application Security Tests
Learning goal: Learn how to find subtle, non-generic bugs in your code, make the most of open-source scanners, and set up smart security guardrails—all with practical techniques that fit into real-world development workflows.
Thursday June 5th, 09:00 - 17:30
Abstract
The interesting, important, and hard-to-find bugs are not generic. They often stem from unique business logic, so finding them requires familiarity with the product.
Instead of getting frustrated with generic scans that barely find obvious problems and flood you with false positives, you can run custom checks that find what you care about. In this course, you'll learn how to take your internal knowledge and write custom, tailored scans that will work for you, across the whole codebase.
You'll leave the course with a clear understanding of how to customize automated security tests for your code efficiently.
Content overview
- Methodology of customized static analysis
- Finding significant patterns in your code and narrowing your search
- Optimizing assisted manual search through your whole codebase at once
- Finding generic flaws in non-generic code flows
- Crafting custom security rules specifically designed for the application's business logic
- Custom scanning for relevant dependency vulnerabilities
- Root cause analysis
- Finding the places where custom, application-specific security mechanisms are not implemented correctly
- Security guardrails for developer code
Content level
Deep-dive
Target audience
Anyone who wants to protect the source code of their app, search for vulnerabilities manually, and build a mature scanning programme, including developers, architects, engineering leads, security champions, and product security specialists
Prerequisites
Familiarity with at least one coding language, familiarity with common web application vulnerabilities and how they appear in source code
Technical requirements
Laptop with internet access and permission to install software (Linux / macOS / Windows with WSL2), root permissions (a VM is fine), and a personal GitHub account
Join us for SecAppDev. You will not regret it!
Grab your seat now
Avi Douglen
CEO and Application Security Specialist, OWASP Board of Directors, Bounce Security & OWASP
Expertise: Product security, threat modeling, value-driven strategy, and tigger-themed dad jokes
Other workshops
Hands-on deep-dive into frontend security
One-day workshop by Philippe De Ryck
Friday June 6th, 09:00 - 17:30
Modern web applications rely heavily on frontend code, making browser security mechanisms crucial for protecting users and data. This hands-on workshop takes a deep dive into advanced frontend security for Angular / React / Vue applications.
Participants will explore real-world attack scenarios and implement defenses through guided exercises. Designed for developers and security professionals, this workshop blends academic depth with practical application, equipping attendees with the skills to secure modern frontends effectively.
Learning goal: Understand and apply state-of-the-art security mechanisms to protect modern frontends from real-world threats.
Secure Coding Workshop
One-day workshop by Jim Manico
Friday June 6th, 09:00 - 17:30
This hands-on workshop teaches developers the principles of secure coding, focusing on real-world attack scenarios and defense strategies. Participants will learn to identify and mitigate vulnerabilities such as injection flaws, XSS, authentication weaknesses, and insecure dependencies. Using AI code generators and security tools, attendees will strengthen their ability to write robust, secure applications.
Ideal for developers looking to enhance their security mindset and build software that withstands modern threats.
Learning goal: Attendees will learn to build secure APIs by preventing injection attacks, managing third-party risks, OAuth2 basics, securing React integrations, and handling file uploads safely. They will also explore AI-assisted code generation.
LLM Security Bootcamp: Foundations, Threats, and Defensive Techniques
One-day workshop by Thomas Vissers and Tim Van Hamme
Thursday June 5th, 09:00 - 17:30
Large Language Models (LLMs) open up a new realm of possibilities in application development, but they also pose significant challenges. Their non-deterministic nature and broad use cases complicate testing, while unpredictable failures (“hallucinations”) and novel attack vectors (“prompt injections”) add risk.
This workshop covers LLM-based applications, highlights unique threats, and offers hands-on testing and hardening techniques. Attendees will learn to set up and secure basic LLM-driven solutions in their organizations.
Learning goal: Learn how LLM applications work and are architected, the unique security challenges they introduce, and the current best practices in LLM security—along with their limitations.