SecAppDev 2025 lecture details
Using WebAssembly to run, extend, and secure your app
In this session we'll dig into WASM, how it works, it's security features and how we can use it to host, extend and secure our applications by running it the WebAssembly System Interface (WASI).
Schedule TBD
Abstract
WebAssembly (WASM) has evolved since 2017, enabling apps like Photoshop and .NET to run in browsers. Now, with WebAssembly System Interface (WASI), it extends to servers, supporting cloud workloads. Solomon Hykes even suggested Docker might not exist if WASM had been around in 2009. WASM’s security model includes sandboxing, linear memory, and capability-based access. This session covers WASM security foundation, integrating WASM modules into your applications and running a WASM module in a sandbox by limiting what it's allowed to do.
Key takeaway
Understanding WASM, it's security features and how leverage those by integrating it into your application/software.
Content level
Introductory
Target audience
Developers, Achitects and Application Security Professionals
Prerequisites
None
Join us for SecAppDev. You will not regret it!
Grab your seat now
Niels Tanis
Security Researcher, Veracode
Expertise: Application Security and software development
Join us for SecAppDev. You will not regret it!
Grab your seat nowRelated lectures
Leveraging the security model of the web
Introductory lecture by Philippe De Ryck
Web security is complex and evolving fast, with browsers playing a growing security role. This session explores core techniques to build secure apps and APIs, giving you the foundation to tackle more advanced web security topics.
Key takeaway: Learn how modern browsers approach security and how to build on that foundation to create secure web apps and APIs using proven core techniques.
Using AI to write Secure React.JS code
Deep-dive lecture by Jim Manico
In this talk, we will explore the massive potential of AI in secure code creation. This session will discuss techniques that will aid AI code creation engine to produce higher quality and more secure code.
Key takeaway: Actionable advice on using AI to generate secure code
Breaking and securing OAuth 2.0 in frontends
Deep-dive lecture by Philippe De Ryck
Using OAuth 2.0 in the frontend increases your attack surface. Learn why BFF is safer and how to defend against real-world token attacks.
Key takeaway: Frontend OAuth 2.0 patterns, even with token protections, leave apps exposed—real security comes from moving sensitive logic to a secure backend.