Welcome to the SecAppDev Academy
Initially, the SecAppDev Academy offers high-quality recordings of previous lectures at SecAppDev. Over time, we'll keep expanding the SecAppDev Academy with more recordings, but also handouts and lecture summaries.
This site is a work in progress. Expect new content, better navigation, and more resources over time. Got suggestions? Let us know.
Dive into the lectures
Check out these lectures from SecAppDev 2024
Passkeys: the future of user authentication
Philippe De Ryck
User authentication has been a mess for ages. Attempts to fix it by adding more authentication factors might work, but are quite complex. But what if there's a world where we can replace this insecure first factor with a single strong authentication mechanism? That's what passkeys promise to do! This session will dive head-first into passkeys. We not only explore passkeys from a user's perspective and a developer's perspective, but we also look at the mechanics under the hood. By the end of this session, you will understand how passkeys work and will know how to use them in your applications.
Watch Lecture
Practical cryptography with Tink
Neil Madden
There are many textbooks and courses to learn the theoretical foundations of cryptography, and particular constructions, but fewer dive into the details of how to translate that into working production code. In this session we will describe the challenges presented by traditional cryptography libraries, and the security vulnerabilities that can result from misuse. We will then examine modern hard-to-misuse libraries, focusing on Google’s Tink library. Particular attention is paid to key storage and management.
Watch Lecture
Security Signals - A framework to scale web security
Slawomir Goryczka
Ensuring the security of web applications developed by many different engineers requires a solid understanding of security details and can be quite hard to scale. Thus, a web security team should also own the rollouts of security features. This requires a mindset shift, and high-quality metrics and tools to perform such changes. In this session, we'll explore Security Signals, a framework for collecting and processing aggregated and de-identified traffic logs across all Google web properties. Using the adoption of strict CSP as an example, we will take a closer look at how all components work.
Watch Lecture
Secure coding: Back to Basics
Erlend Oftedal
In this lecture we will look at how we write and how we can influence the security of the code by writing it in a different way. We will look at constructs in the code and borrow a bit from modern Domain Driven Design to help make the code more secure. We will also challenge some of the ways developers typically write software. The lecture should be relevant to both junior and experienced developers.
Watch Lecture