White paper

Application Security 2023

For the fifth time, the Cyber Security Coalition cooperated with SecAppDev to organize a joint experience-sharing event in the stunning environment of the Faculty Club in Louvain.

Morning programme:

The following industry experts participating in the 2023 SecAppDev course gave a summary presentation of their lectures to our members attending the event:

Gary McGraw, CEO Berryville Institute of Machine Learning

Gary McGraw is author of the bestselling security books: Software Security (Addison-Wesley, 2006), Exploiting Software (Addison-Wesley, 2004), Building Secure Software (Addison-Wesley, 2001), Java Security (Wiley, 1996) and seven other books. CEO and Founder of the Berryville Institute of Machine Learning, Dr. McGraw is a world authority in software and application security.

Lukas Weichselbaum, Senior staff security engineer, Google

Lukas Weichselbaum is a senior staff tech lead and manager in Google’s Information Security Engineering team with over a decade of industry experience, and he regularly speaks at infosec and developer conferences. At Google, he leads a team of 10+ professionals focusing on securing Google’s web ecosystem by making web frameworks secure by default and by deploying web platform security features such as CSP, Fetch Metadata, Trusted Types and COOP at scale. As a member of the W3C WebAppSec WG, Lukas is passionate about improving the security of the web platform as a whole and has contributed to specifications such as CSP3.

Abhay Bhargav, Founder and Chief Research Officer, AppSecEngineer

Abhay Bhargav, Founder & CRO of AppSecEngineer, specializes in AppSec, Cloud-Native Security, Kubernetes Security & DevSecOps training. With a start in pentesting & red-teaming, Abhay now focuses on scaling AppSec through innovative solutions. He pioneered the world’s first hands-on DevSecOps training programme, emphasizing AppSec Automation, and actively researches new technologies’ impact on security. A sought-after speaker and trainer at events like DEF CON, BlackHat, and OWASP AppSec, Abhay has also authored publications on Java Security and PCI Compliance.

Claudio Merloni, Security research manager, Semgrep and Pieter De Cremer, Senior security researcher, Semgrep

Claudio Merloni is a veteran security expert. After completing his Master in Computer Engineering at the Politecnico di Milano University, he started a now more than 15-year-long journey in the security space. He worked as a security consultant first, then moved through different roles, from sales engineering to security research and product engineering. He fell in love with static source code analysis early on and spent most of his career working with, and on, the leading solutions. He now leads the security research team at Semgrep, trying to make the world a safer place, one rule at a time.

Pieter De Cremer’s career started as an intern at Secure Code Warrior, where he wrote more than 100 rules for their security tool, Sensei. He was closely involved in the early designs of the tool and, after graduating, decided to pursue a PhD at this company. During his research, Pieter designed, implemented and evaluated improvements for both the training and the tools provided by SCW. Pieter currently works as a Security Researcher at Semgrep; he frequently presents and hosts workshops at conferences such as BruCON and OWASP BeNeLux.


Afternoon programme:

Jesse van der Zweep

Jesse van der Zweep is researching and building solutions that improve the security of machine learning models. He has an academic background in AI and extensive, practical pen-testing experience. For the past few years, he has been working on the intersection of cybersecurity and machine learning. He is currently building an adversarial machine learning platform at NavInfo Europe.

Kim Wuyts

Kim Wuyts is a senior privacy researcher at the imec-DistriNet research group at KU Leuven (Belgium). She has more than 15 years of experience in security and privacy engineering. Kim is one of the driving forces behind the development and extension of LINDDUN, a privacy threat modelling framework. She is also a co-author of the Threat Modelling Manifesto, programme co-chair of the International Workshop on Privacy Engineering (IWPE), and a member of ENISA’s working group on Data Protection Engineering.

Sebastien Deleersnyder

Sebastien Deleersnyder, also known as Seba, is a highly accomplished individual in the field of cybersecurity. He is the CTO and co-founder of Toreon, as well as the COO and lead threat modelling trainer of Data Protection Institute. Seba holds a Master’s degree in Software Engineering from the University of Ghent and has extensive experience in the development and training of secure software. He is the founder of the Belgian chapter of OWASP and a former member of the OWASP Foundation Board. In 2022, Seba was honoured as Belgium’s Cyber Security Personality of the Year by the Cyber Security Coalition, where he currently serves as the chair of the new Application Security focus group. Through his leadership on OWASP projects such as OWASP SAMM, Seba has made a significant impact in improving global security. He is currently focused on adapting application security models to the evolving landscape of DevOps and raising awareness of the importance of threat modelling among a wider audience.

Mark Curphey

Mark Curphey is the co-founder and Chief Marketing Officer at Crash Override, a venture-backed security startup founded in 2022. Mark is a well-known security expert, author and public speaker. He has more than 25 years of experience in the security and software development fields, holding executive leadership, technical leadership and community advocacy roles. Prior to Crash Override he was the co-founder and CPO/CTO of Open Raven, a data classification company; founder and CEO of SourceClear (acquired by Veracode in 2018), the first pure-play security software composition analysis company; and led the MSDN subscription team at Microsoft. In 2002, he founded the Open Web Application Security Project, the de facto online community dedicated to improving software security. He has a Master’s Degree in Information Security from Royal Holloway and Bedford New College, University of London. Mark lives in the UK.