Application Security 2022

On Thursday morning June 16th, the following renowned speakers gave a summary presentation of their lectures:

• Jim Manico, Founder and Secure Coding Educator @Manicode Security. Topic: From the OWASP Top 10 to the OWASP ASVS (Application Security Verification Standard)
• Stefaan Van daele, Executive Security Architect @IBM. Topic: Enterprise security architecture and app development
• Mykyta Petik, Researcher, CiTiP @KU Leuven. Topic: Implementing GDPR in software projects
• Griet Verhenneman, Data Protection Officer – Research Fellow, University Hospitals Leuven, KU Leuven – CiTiP. Topic: Privacy and ethics in secondary use of sensitive data

In the afternoon, Cyber Security Coalition members zoomed in on one of the themes of SecAppDev, namely web security and explained how a holistic approach can be realised.

Next to security by design and development, testing is obviously always needed. The first step is the traditional pen-testing, but this is limited in scope and in time. Stijn Jans (founder & CEO @Intigriti) explained and demonstrated how continuous testing can be performed via a bug bounty ethical hacking platform.

After this demo, Bruno De Legher (Information Security Officer @Telenet) elaborated on a specific customer case on how to use the bug bounty platform to improve the security posture.

The bug bounty programme solves the problem of “limited in time testing” but it is still defined for a specific scope. To solve the scope challenge, the external attack surface needs continuous mapping and monitoring. Stijn Vande Casteele (founder & CEO @Sweepatic) elaborated several methodologies how to cope with this.

To conclude our afternoon programme, Axel Legay (professor @UCL) presented concrete cyber security projects that can be realised thanks to the CyberWal initiative.