SecAppDev 2025 lecture details
The Engineer’s Guide to Data Privacy
In this session we will walk through the engineer’s toolbox for protecting different types of data against common privacy threats. The talk is informed by existing practical tools as well as by modern research on data privacy.
Wednesday June 4th, 14:00 - 15:30
Room Lemaire
Abstract
Privacy might seem like someone else's concern: lawyers, security architects, designers, and users themselves who agree to the terms. But once data is collected, developers play a direct role in its protection. This talk frames data privacy as an engineering problem. You will learn how different kinds of data require different privacy-enhancing strategies, accounting for common real-world threats (e.g., re-identification, inference, behavioral profiling) and aiming for adequate privacy-utility trade-offs. You will leave the talk with a concrete toolbox for building privacy-conscious systems.
Key takeaway
Privacy is an engineering responsibility, not only a legal or design issue. Privacy-preserving techniques are accessible and implementable today.
Content level
Deep-dive
Target audience
Engineers, developers, decision-makers, and anyone involved in shaping how user data is handled.
Prerequisites
Some familiarity with data engineering and a basic understanding of security concepts.
Join us for SecAppDev. You will not regret it!
Grab your seat now
Vera Rimmer
Research expert, DistriNet, KU Leuven
Expertise: Computer security and privacy, applied machine learning and deep learning
Join us for SecAppDev. You will not regret it!
Grab your seat nowRelated lectures
My Name Is Not Cassandra: AppSec and "I Told You So"
Advanced lecture by Izar Tarandach in room Lemaire
Wednesday June 4th, 16:00 - 17:15
Lack of authority, an outsider's view of the development process and a faulty language of risk..Are security practitioners fated to point at risk and not be heard?
Key takeaway: "Raw" security can be fun, but does not lead to change. We must adapt our ways in order to impact the environment we want to protect.
OpenAPI as a security tool, not just documentation
Deep-dive lecture by Philippe De Ryck in room Lemaire
Monday June 2rd, 16:00 - 17:30
OpenAPI specs are more than docs—they can drive API security. Learn how to use them in spec/code-first workflows to find vulnerabilities, guide audits, and power security tools for testing, attacks, and runtime protection.
Key takeaway: A well-crafted OpenAPI spec can uncover security issues, guide audits, and power tools for testing, making it a key asset in your API security strategy.
The Bug Bounty Effect: From DevSecOops to Success!
Deep-dive lecture by Emil Vaagland in room Lemaire
Tuesday June 3th, 09:00 - 10:30
Discover how bug bounty programs outperforms traditional AppSec tools by uncovering more vulnerabilities at lower cost. We share real-world examples, strategies, and challenging takes on conventional security practices.
Key takeaway: Bug bounty programs are essential and should be the key ingredient in modern AppSec programs.