White paper

Application Security 2022

In June 2022, the 16th edition of the yearly SecAppDev course took place in Leuven. As usual, experts from industry and academia (The SecAppDev Course) taught about various aspects of secure application development. At SecAppDev, developers, architects, and technical managers got a unique deep-dive into current best practices for security.

For the fourth time, the Cyber Security Coalition had the honour of collaborating with SecAppDev and organizing a joint half-day event at the same venue. On the morning of Thursday, June 16th, the following renowned speakers gave summary presentations of their lectures:

Jim Manico, Founder and Secure Coding Educator @Manicode Security.

Topic: From the OWASP Top 10 to the OWASP ASVS (Application Security Verification Standard)


Stefaan Van daele, Executive Security Architect @IBM

Topic: Enterprise security architecture and app development


Mykyta Petik, Researcher, CiTiP @KU Leuven

Topic: Implementing GDPR in software projects


Griet Verhenneman, Data Protection Officer – Research Fellow, University Hospitals Leuven, KU Leuven – CiTiP

Topic: Privacy and ethics in secondary use of sensitive data


In the afternoon, Cyber Security Coalition members zoomed in on one of the themes of SecAppDev, namely web security, and explained how a holistic approach to it can be realised.

Alongside security by design and secure development, testing is always needed. The first step is traditional pen-testing, but this is limited in both scope and time. Stijn Jans (founder & CEO @Intigriti) explained and demonstrated how continuous testing can be performed via a bug bounty ethical hacking platform.


After this demo, Bruno De Legher (Information Security Officer @Telenet) elaborated on a specific customer case on how to use the bug bounty platform to improve the security posture.


The bug bounty programme solves the problem of “limited in time testing”, but it is still defined for a specific scope. To address the scope challenge, the external attack surface needs continuous mapping and monitoring. Stijn Vande Casteele (founder & CEO @Sweepatic) elaborated on several methodologies for doing this.


To conclude our afternoon programme, Axel Legay (professor @UCL) presented concrete cyber security projects that can be realised thanks to the CyberWal initiative.