White paper

Application Security 2024

For the sixth time, the Cyber Security Coalition organized a joint event with SecAppDev, offering members a unique glimpse into the forefront of cybersecurity research and practice. In the morning, SecAppDev guest speakers provided exclusive previews of their SecAppDev course lectures. In the afternoon, the programme was curated by the Application Security Focus Group permanent chair.  

Externalizing authorization in a diverse application landscape using OPA 

Michael Boeynaems (Splynter, AP Hogeschool) 

Michael Boeynaems is a cyber security expert and enthusiast with a keen interest in delivering cyber security solutions that provide sustainable benefits to organizations. His expertise ranges from tackling high-level architectural challenges to providing secure technical implementations. He co-founded Splynter and has been a guest professor at AP Hogeschool Antwerpen for the past five years, teaching cyber security courses on software, network and web application security. Michael is CISM, CISSP and OSCP certified, and he is a co-chair of the Cyber Security Coalition Enterprise Security Architecture Focus Group. 

 Jasper Rots (Splynter) 

Jasper Rots is a cyber security architect with a background in cryptography, privacy, secure development and protocols. He has a proven track record as a teacher and workshop facilitator and this in both online and offline settings. Furthermore, he has three years of experience as a teaching assistant at the KU Leuven. He focuses nowadays on making cyber security apprehensible for everyone. 


Building Secure ReactJS Applications: Mastering Advanced Security Techniques 

Jim Manico (Manicode Security) 

Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences, and BitDiscovery. Jim is a frequent speaker on secure software practices, is a Java Champion, and is the author of ‘Iron-Clad Java – Building Secure Web Applications’ from Oracle Press. Jim also volunteers for OWASP as the project co-lead for the OWASP ASVS and the OWASP Proactive Controls. 


Security Signals – A framework to scale web security 

Slawomir Goryczka (Google) 

Slawomir Goryczka is a software engineer at Google’s Information Security Engineering team with academic and industry experience in anonymization, privacy, and web security. He is working with professionals from different focus areas to measure coverage, quality, and accuracy of security and privacy mitigations with a strong focus on the web. He is very excited about data driven security engineering and research in a scalable and distributed ecosystem. 


Introduction to Macaroons 

Neil Madden (Illuminated Security Ltd)  

Neil Madden is the founder and CEO of Illuminated Security Ltd. and the author of API Security in Action. Neil was previously the Security Architect for ForgeRock and is an active contributor to the OAuth and JOSE Working Groups at the IETF. In 2021, Neil discovered a critical vulnerability in Java’s elliptic curve digital signature algorithm (ECDSA), which was dubbed the “cryptography bug of the year” and named as one of the top 10 web hacking techniques of 2022. Neil has a PhD in Computer Science and lives in the Cotswolds, England with his wife and daughter. 


Security in the LLM Era: the Good, the Bad and the Ugly  

Tim Van Hamme (KU Leuven – Distrinet) 

Tim Van Hamme is a post-doctoral researcher with the DistriNet research group at KU Leuven. His work focuses on building secure and trustworthy systems using machine learning. Tim has authored and co-authored numerous publications in the fields of biometrics, adversarial machine learning, and the application of machine learning for IT security. 

 Thomas Vissers (KU Leuven) 

Thomas Vissers specializes in the dynamic intersection of cybersecurity and AI. Previously at Cloudflare, he served as an engineering leader for AI-driven security products, scaling innovations to protect millions of internet users worldwide. At KU Leuven, Thomas is now focused on empowering organizations to securely leverage AI with research-backed security strategies. 


Scaling the Application Security Programme of a Fortune 500 Company with OWASP SAMM 

Aram Hovsepyan (Codific) 

Aram Hovsepyan is the founder and CEO of Codific – a Flemish cybersecurity product firm. With over 15 years of experience, he has a proven track record in building complex software systems by explicitly focusing on software security. Codific’s flagship product, Videolab, is a secure multimedia sharing platform for sharing doctor-patient interactions used by many medical institutions across Western Europe for soft-skills training. Aram has a PhD in Computer Sciences from DistriNet KU Leuven, which provides him with a broad knowledge of the security landscape. His contributions to the refinement and streamlining of the LINDDUN privacy engineering methodology have been incorporated into ISO and NIST standards. Aram is a core team member of the OWASP SAMM project, which has become an industry-standard AppSec management programme. 



Integrating privacy by design in the SDLC 

Bart van Buitenen (Dasprive) 

Bart van Buitenen is a director at Dasprive vzw and a lecturer in privacy and information security at Thomas More University College and has been working full time in data protection and cybersecurity since 2011.  As a consultant, Bart has worked as a CISO/DPO in many software development organizations over the years.