SecAppDev 2024 - Secure Coding
SecAppDev 2024 offers three days of in-depth lectures and two days of hands-on workshops.
Bulletproof APIs: Hands-On API Security
One-day workshop by Philippe De Ryck in room West Wing
Thursday June 6th, 09:00 - 17:30
As APIs become a big part of our tech world, making sure they're secure is key. The 2023 version of the OWASP API Security top 10 shows us that API security needs our attention. Building secure APIs requires developers and architects to really get API security, from the big picture down to the nitty-gritty details.
This workshop will teach you the skills you need! We're going to think like an attacker to test APIs and like a defender to figure out the best ways to protect them. With lectures, real-world demos, fun quizzes, and hands-on labs, you'll learn how to secure your APIs.
Learning goal: Gain hands-on security strategies for APIs, understand the root causes of threats, and learn to implement effective solutions. Master best practices and leave with a checklist to enhance your application's security.
Navigating the 2021 OWASP Top Ten for web security
One-day workshop by Jim Manico in room West Wing
Friday June 7th, 09:00 - 17:30
This workshop offers a deep dive into the OWASP Top 10 2021, essential for web developers and security professionals aiming to master secure coding practices. It elucidates the critical web application security risks, fostering a comprehensive understanding and implementation of defensive programming. Attendees will gain insights into the most prevalent security threats and the methodologies to mitigate them, ensuring the development of secure and resilient web applications.
Learning goal: Participants will master the OWASP Top 10 2021, learning to identify, understand, and mitigate the most critical web application security risks, thereby enhancing their secure coding skills.
Practical cryptography with Tink
Deep-dive lecture by Neil Madden in room West Wing
Monday June 3rd, 16:00 - 17:30
Learn how to translate cryptography know-how into robust working code that is easy to review. Avoid common implementation pitfalls by learning how to use the modern Tink cryptographic library.
Key takeaway: Learn how to use Tink to implement cryptographic features and protocols in a robust manner.
Building Secure ReactJS Applications
Deep-dive lecture by Jim Manico in room West Wing
Tuesday June 4th, 09:00 - 10:30
Learn to secure ReactJS apps against XSS, data leaks, and more. Dive into props, dangerouslySetInnerHTML, CSS, JSON, XSS protections, and SSR. Essential for safer development.
Key takeaway: Component dynamics, unescaped props, dangerouslySetInnerHTML, JavaScript URLs, CSS, JSON, XSS defenses, lazy loading, template injection, SSR.
Secure coding: Back to Basics
Deep-dive lecture by Erlend Oftedal in room West Wing
Tuesday June 4th, 16:00 - 17:30
Learn how to write more secure code by using a set of constructs that makes it easier to get things right.
Key takeaway: How we can write more secure code with fewer flaws by changing how we construct the code.