SecAppDev 2026 lecture details
Demystifying CSP for Modern Applications
CSP is often seen as complex and frustrating. This session explains why most policies fail, how to fix them, and how to apply CSP effectively in modern applications, including single page apps.
Schedule TBD
Abstract
Content Security Policy, or CSP, has been around for more than a decade. We’re all familiar with it in one way or another: struggling to implement it, being called out for missing it, or debating whether 'unsafe-inline' is really unsafe. In a nutshell, CSP is messy and complicated. But it doesn’t have to be. In this session, you will learn why most CSP policies are ineffective, how to configure CSP correctly, and how to build a backwards compatible policy. We also cover deploying CSP in modern single page applications.
Key takeaway
Understand why CSP often fails and learn how to implement it correctly with practical, actionable guidance.
Content level
Deep-dive
Target audience
Developers and security professionals working on modern web applications.
Prerequisites
None
Join us for SecAppDev. You will not regret it!
Grab your seat now
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Join us for SecAppDev. You will not regret it!
Grab your seat nowRelated lectures
Security by default - A European perspective on cyber resilience
Deep-dive lecture by Freddy Dezeure in room Lemaire
A technical deep dive into how Microsoft implements security, resilience, and regulatory compliance at scale—mapping NIS2, DORA, and Secure‑by‑Default principles to concrete controls, engineering processes, and tenant‑level protections
Key takeaway: Learn how regulatory requirements become enforceable controls, measurable metrics, and practical Secure‑by‑Default engineering across cloud systems
OAuth 2.1 Best Practices
Deep-dive lecture by Philippe De Ryck
A practical and up-to-date overview of OAuth 2.1, covering core concepts, modern security best practices, and key extensions like PAR and DPoP, with guidance on applying them in real-world architectures and preparing for what’s coming next.
Key takeaway: Learn how to apply OAuth 2.1 best practices and supporting technologies to build secure applications and stay aligned with evolving standards.
EU CRA: Survival Workshop for Enterprise & Open Source
Deep-dive lecture by Roman Zhukov
A practical deep-dive into the EU CRA for Enterprise and Open Source. Features interactive "In Scope?", "Who Am I?" and a “Live Gap-Analysis” exercises to help navigating your compliance confidently.
Key takeaway: Transform CRA rules from a legal burden into an engineering advantage using open standards, clear role mapping, and practical guidelines.