SecAppDev 2025 lecture details
OpenAPI as a security tool, not just documentation
OpenAPI specs are more than docs—they can drive API security. Learn how to use them in spec/code-first workflows to find vulnerabilities, guide audits, and power security tools for testing, attacks, and runtime protection.
Monday June 2nd, 16:00 - 17:30
Room Lemaire
Abstract
OpenAPI specifications are more than just documentation—they can be a powerful foundation for improving your application's security.
This talk explores how to effectively use OpenAPI in both code-first and spec-first workflows. We’ll discuss how well-crafted specs help uncover security issues, guide audits, and power security tools for testing, automated attacks, and even runtime protection. You’ll walk away with practical insights into turning your API specs into a security asset, not just a developer convenience.
Key takeaway
A well-crafted OpenAPI spec can uncover security issues, guide audits, and power tools for testing, making it a key asset in your API security strategy.
Content level
Deep-dive
Target audience
Anyone designing, building, and securing APIs
Prerequisites
Experience with building APIs is useful, but not required.
Join us for SecAppDev. You will not regret it!
Grab your seat now
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Related lectures
My Name Is Not Cassandra: AppSec and "I Told You So"
Advanced lecture by Izar Tarandach in room Lemaire
Wednesday June 4th, 16:00 - 17:15
Lack of authority, an outsider's view of the development process and a faulty language of risk. Are security practitioners fated to point at risk and not be heard?
Key takeaway: "Raw" security can be fun, but does not lead to change. We must adapt our ways in order to impact the environment we want to protect.
The Bug Bounty Effect: From DevSecOops to Success!
Deep-dive lecture by Emil Vaagland in room Lemaire
Tuesday June 3rd, 09:00 - 10:30
Discover how bug bounty programs outperform traditional AppSec tools by uncovering more vulnerabilities at lower cost. We share real-world examples, strategies, and challenging takes on conventional security practices.
Key takeaway: Bug bounty programs are essential and should be the key ingredient in modern AppSec programs.
The Engineer’s Guide to Data Privacy
Deep-dive lecture by Vera Rimmer in room Lemaire
Wednesday June 4th, 14:00 - 15:30
In this session we will walk through the engineer’s toolbox for protecting different types of data against common privacy threats. The talk is informed by existing practical tools as well as by modern research on data privacy.
Key takeaway: Privacy is an engineering responsibility, not only a legal or design issue. Privacy-preserving techniques are accessible and implementable today.