SecAppDev 2026 lecture details
OAuth 2.1 Best Practices
A practical and up-to-date overview of OAuth 2.1, covering core concepts, modern security best practices, and key extensions like PAR and DPoP, with guidance on applying them in real-world architectures and preparing for what’s coming next.
Schedule TBD
Abstract
OAuth 2.1 brings together the current best practices of OAuth 2.0 into a more secure and streamlined baseline, further augmented by security technologies such as PAR and DPoP. In this session, you will get an accurate and timely overview of what OAuth 2.1 means in practice. We revisit the core concepts, highlight key security improvements, and explain how these patterns fit into modern architectures. We also point to emerging developments and upcoming standards to help you stay ahead.
Key takeaway
Learn how to apply OAuth 2.1 best practices and supporting technologies to build secure applications and stay aligned with evolving standards.
Content level
Deep-dive
Target audience
Developers and architects designing, building, or securing applications that rely on OAuth.
Prerequisites
None, but familiarity with OAuth 2.0 concepts and flows will be helpful.
Join us for SecAppDev. You will not regret it!
Grab your seat now
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Related lectures
Model Context Protocol (MCP) Security
Advanced lecture by Jim Manico
An introduction to the Model Context Protocol (MCP) and its security risks. Covers MCP architecture, threat models, and practical defenses to prevent prompt injection, tool abuse, and data leakage in AI tool integrations.
Key takeaway: Understand MCP risks and apply concrete controls to secure AI tool integrations and prevent prompt injection, tool abuse, and data exfiltration.
Demystifying CSP for Modern Applications
Deep-dive lecture by Philippe De Ryck
CSP is often seen as complex and frustrating. This session explains why most policies fail, how to fix them, and how to apply CSP effectively in modern applications, including single page apps.
Key takeaway: Understand why CSP often fails and learn how to implement it correctly with practical, actionable guidance.
Security by default - A European perspective on cyber resilience
Deep-dive lecture by Freddy Dezeure in room Lemaire
A technical deep dive into how Microsoft implements security, resilience, and regulatory compliance at scale: mapping NIS2, DORA, and Secure-by-Default principles to concrete controls, engineering processes, and tenant-level protections.
Key takeaway: Learn how regulatory requirements become enforceable controls, measurable metrics, and practical Secure-by-Default engineering across cloud systems.