SecAppDev 2019: Day 1

I was really looking forward to the SecAppDev conference in Leuven, Belgium. There are not so many opportunities to attend security conferences in my home country, and certainly this one looked very appealing because it’s entirely focused on secure application development.

I heard a lot of good things about SecAppDev from several people. And I must say the first day entirely met the high expectations. After a one-and-a-half-hour drive I arrived at the Faculty club in Leuven, which is a very nice venue.

I got my badge and I started chatting with some people. I felt immediately at ease. The environment and informal atmosphere are really nice. I was a bit surprised as I expected a lot more people, but they keep the conference deliberately small so that it’s a really interactive one.

After the first coffee Jim Manico entered the building, and he even recognized me from Twitter. Really nice to meet Jim in real life. He’s a very nice guy, it entirely confirmed the image I already had about him.

I also had a chat with Jimmy Mesta, the CTO of Manicode and the business partner of Jim Manico. Like Jim, he gives several talks this week as well as a full day workshop about Kubernetes. He convinced me to follow his workshop, and he assured me it’s also for Kubernetes noobs like me ;-). I also shook hands and said hi to Jim Fenton, the author of the NIST SP 800–63 guidelines.

At 9 AM we went to the main conference room where Philippe De Ryck and Yo Peeters opened the conference.

The keynote was given by Seda Guerses. Her talk contained a lot of guidance on how you can build applications in such a way that the privacy requirements of the different stakeholders are met, based on 3 different research paradigms. This is particularly important because GDPR lacks detailed guidance on how to fulfill this requirement in applications.

After the coffee break, it was time for Philippe De Ryck’s talk about the security model of the web.

This talk was mainly meant to lay the foundation for other web security talks at the conference. Philippe gave a really good talk on how the security model can be leveraged for better security. Think about concepts like domain separation, origin isolation, secure cookie management, etc.

Then it was time for lunch. And I must say, this was excellent again. Really good food, nicely dressed table, great service. Quite a difference with the typical queuing for lunch you’re probably used to at conferences.

The one-and-a-half-hour lunch break was another opportunity to meet some other people.

At 2 PM it was time for Jim Fenton’s talk “A modern take on passwords”.

I was looking forward to this talk, not only because I’m very interested in the topic, but also because Jim Fenton is the author of the NIST SP 800–63 Digital Identity Guidelines. It was a very insightful talk. Certainly because you get to know more about the reasoning behind the guidelines.

Last but not least, Jim Manico gave a talk about the OWASP Proactive Controls. Jim is a joy to watch. He’s so energetic, no dull moments during his talk! Even if I know quite a bit about the OWASP top 10 (controls) I still learned a lot!

The first day was really awesome, nice venue, great people, awesome talks and delicious food!

Read the review of day 2 here

John Opdenakker
