sec4dev: Conference and Bootcamp
From 24th to 27th of February the 2nd sec4dev Security Conference & Bootcamp took place in Vienna. Like last year the security event was organized by SBA Research – one of the leading research parties for information security in Austria. The sec4dev-conference offers practice-oriented lectures, workshops and full-day boot camps in the areas of secure coding, secure operation, security testing, threat modelling, IoT Security, Cloud Security and so much more.
Software security and secure development practices and processes always had been important for us as a software manufacturer but are getting more and more attention also by our customers using the software in their daily work environment. To better analyse and prevent security issues from happening and have an organized approach to mitigate identified threats and vulnerabilities also this year one of our software developers participated in a 2-day-bootcamp about threat modelling and risk assessment. Under instructions from the OWASP Project Leader for threat modelling – Steven Wierckx – the participants performed threat modeling through a series of practical exercises, where the instructor guided through the different stages of a threat model based on an AWS and microservices migration from a classical web application.
The conference was held at the TU Audimax Getreidemarkt close to the center of Vienna. Topics presented and discussed during the conference covered various important aspects of Software Security and Development, also factoring in the “human” component during the Software Development Lifecycle. Different perspectives to Software Security were covered in the presentations, for example the legal liabilities for insecure software, how to implement a secure development lifecycle, the way to micro-services, authentication and authorization and of course a presentation about the attack and security landscape in the future. An important emerging topic during this years conference and bootcamp was also IoT Hacking and Update/Patch Management which was not as present in the last year.
As a technology leader, software security and threat modelling will continue to be a major focus in the future. Therefore, it was a matter of course for us to participate in this years sec4dev event as well to extend our knowledge.