Media
This page contains the screen recordings of the technical presentations in the online SECDES project meetings and
external presentations. The corresponding slides can be found in the project repository.
An Introduction to Threat Modeling
Date: 13/09/2024
Speaker: Koen Yskout
- This talk introduces 'threat modeling', one of the core techniques in the secure software development lifecycle. It sheds light on what threat modeling entails, where it fits in the SDLC, what benefits it brings, and how to get started. The talk also incorporates findings from a recent research project that investigates the current state of practice in large Dutch organizations regarding threat modeling, and shares their lessons learned. [video]
Leveraging Product Management to Shift Left in Small SaaS Teams
Date: 10/10/2024
Speaker: Nick Boucart
- Historically, security wasn't always a top priority for most small SaaS teams; feature development was. Upcoming legislation like NIS2, CRA, ... is increasing the pressure on these teams, not through the legislation itself, but through corporate customers who are becoming much more demanding. In this presentation we will argue that integrating security requirements early ("shifting left") should be driven by product management, as they have the best understanding of customer concerns from both feature and security perspectives. This understanding can drive investment in application security (appsec) and prioritize it on the roadmap. Product managers typically know the value of the data managed by the SaaS, whether it is crucial or peripheral to customers. [video]
Keeping pace with OAuth's Evolving Security Practices
Date: 18/10/2024
Speaker: Pieter Philippaerts
- OAuth 2.0, introduced in 2012, is now the de facto standard for API authorization. Over time, its security guidance has evolved to address new threats and use cases. This session covers the latest OAuth 2.0 security best practices and highlights upcoming changes to the standard, ensuring you stay ahead in securing your applications. [video]
An Overview of Threat Modeling Tools
Date: 24/04/2025
Speakers: Tatiana Galibus and Laurens Sion
- This webinar explores how tools can support effective threat modeling in practice. The session introduces what to expect from threat modeling tools and highlights several popular solutions that can streamline the process, presented by Sirris. It also takes a closer look at the SPARTA tool developed by DistriNet, showcasing its capabilities and how it helps organizations structure and automate their threat modeling efforts. [video]
OpenAPI as a Security Tool
Date: 15/05/2025
Speaker: Philippe De Ryck
- OpenAPI specifications are more than just documentation—they can be a powerful foundation for improving your application's security. This talk explores how to effectively use OpenAPI in both code-first and spec-first workflows. We’ll discuss how well-crafted specs help uncover security issues, guide audits, and power security tools for testing, automated attacks, and even runtime protection. You'll walk away with practical insights into turning your API specs into a security asset, not just a developer convenience. [video]
NIS 2, DORA, and "the likes"
Date: 13/06/2025
Speakers: Koen Vranckaert and Eyup Kun
- To ensure adequate cybersecurity of hardware and software across the EU, the EU legislator has adopted many new regulations, including but not limited to NIS 2, DORA, the AI Act and the Cybersecurity Act. However, the impact on businesses, especially SMEs, remains to be seen and can constitute a major source of uncertainty for conducting business in the EU. This seminar provides a bird's eye view of the new cybersecurity rules governing software, hardware and process design, focusing especially on the needs of small and medium enterprises (SMEs). [video]
Introduction to SAMM
Date: 11/09/2025
Speaker: Aram Hovsepyan
- OWASP SAMM – the Software Assurance Maturity Model – offers an effective, measurable way to analyze and improve an organization's secure development lifecycle. In this session, Aram Hovsepyan, CEO of Codific and one of the driving forces behind SAMM, provides a clear introduction to the model and explains how it helps organizations identify where their security investments deliver the greatest value. [video]