Handouts - SecAppDev 2011

Lieven Desmet

• Advanced web application security
• Security of Web Mashups: a Survey (paper)
• CsFire: Transparent client-side mitigation of malicious cross-domain requests (paper)

Ken van Wyk

• Developing web applications as if operations mattered
• iPhone applications
• security testing
• hands-on security tools

John Steven

• Static code analysis
• Conducting code reviews
• Threat modelling and architectural risk analysis

Gunnar Peterson

• web services security
• Web services security checklist
• How to build visibility into your software for improved security and compliance
• Identity and access management
• Security architecture blueprint

Frank Piessens

• C and C++ vulnerability exploits and countermeasures
• C vulnerabilities lecture notes
• sandboxing untrusted code
• access control

Dan Wallach

• Computer security trends and applications
• QUIRE: Lightweight Provenance for Smart Phone Operating Systems (paper)
• Cool Crypto Tricks: Homomorphisms, Zero- Knowledge Proofs (LICT DLP program)
• VoteBox: A Tamper-Evident, Verifiable, Electronic Voting System (paper)
• Hash-based data structures for secure logging and other applications
• Authenticated Dictionaries: Real-World Costs and Tradeoffs (paper)
• Efficient Data Structures for Tamper-Evident Logging (paper)
• Smartphone applications
• Smartphone Security: Trends and Predictions

Claudia Diaz

• Privacy

Christophe Huygens

• software security business risk

Bart Van den Bosch

• data protection in hospitals

Bart Preneel

• Public Key Infrastructures
• new developments in cryptology
• network security protocols
• hash functions
• Entity authentication
• Cryptography best practices
• Cryptographic algorithms

Bart Jacobs

• Failboxes (slides)
• Failboxes (paper)

Pascal Van Cauwenberghe and Johan Peeters

• selling software security in your organization

Nelis Boucké and Alexander Helleboogh

• security as an architectural quality