The AppSec Contractual Sins

In this talk, based on years of practical experience in dealing with supply chain security and IT contracts, I am sharing techniques and methods for ensuring that security requirements are properly incorporated into IT contracts, and that business risks are properly assessed – and addressed. The talk will present a number of real-life examples of […]

Webex under the microscope: Trust is good, pentesting is better (session in Dutch)

Session will be held in Dutch (subtitling available). On 4 May 2024, the German journalist Eva Wolfangel published an article about a security vulnerability in the video-conferencing platform Cisco Webex, which is used by the German government. As a result of this article, the German government immediately took its Webex environment offline. On 4 June, Cisco then […]

From due diligence to resilience: how to secure your most critical suppliers

Many organizations rely heavily on their suppliers. In some cases, critical suppliers are even more important than an organization’s own business units. Despite the importance of certain suppliers, we often treat critical suppliers very differently compared to our own organization’s critical business units. In this talk we discuss why this gap can be problematic and […]

Vulnerability Disclosure in the Energy Sector

The European electricity network has become a ‘smart grid.’ This offers many opportunities for sustainability but also makes our energy system more vulnerable to digital attacks. In a time of increasing threat of hybrid warfare, the government and the energy sector realize that we as a society must prepare for possible disruption of the energy […]

You’re not secure by design, if you’re not memory safe!

What if 70% of all vulnerabilities in the critical infrastructure of tomorrow could be prevented with one simple decision? Memory safety is not just an implementation detail that only engineers should talk about; it is a crucial requirement for building software that is safer and more secure by design. In this talk, we’ll explore what […]

Bucket Leaks: From Exposure to Cloud Takeover

With the growing reliance on cloud services for storage and deployment, securing cloud environments has become critically important. Cloud storage solutions like AWS S3, Google Cloud Storage, and Azure Blob Storage are widely used to store vast amounts of data, including sensitive configuration files used in software development. These files often contain secrets such as […]

Researchers vs. Threat Actors in Cloud Attacks

Security researchers push the boundaries of what’s possible. (Nation-state) threat actors push the boundaries of what’s exploitable. In this talk, a cloud security researcher and a threat intelligence analyst team up to explore how cutting-edge cloud attack research is rapidly weaponized by espionage threat groups. We’ll walk through real-world examples where newly published techniques – […]

SBOM: beyond simply listing CVEs

Organizations need to manage cybersecurity risks in increasingly complex IT and OT infrastructures that are comprised of heterogeneous systems and services, both on-premise and in the cloud. Many of these components are produced or provided by third parties, exposing organizations to various risks that need to be carefully managed and mitigated (a.o. to prepare for […]

From Assessment to Action: Coordinated Risk Strategy

In an era where supply chains are as interconnected as the technologies that power them, cybersecurity risks no longer respect sectoral or national boundaries. This panel explores the urgent need for an EU-wide, coordinated approach to supply chain security—one that bridges public and private sectors, aligns risk assessment methodologies, and drives the development of a […]

Hyperconnected Supply Chains: Attacking Cyber Resilience

Cyber resilience is under attack. As global supply chains become increasingly hyperconnected, the convergence of Operational Technology (OT), IT, AI, and Industrial IoT (IIoT) is exposing new vulnerabilities. The Netherlands, a key hub for maritime logistics, energy, and critical infrastructure, is at the centre of these risks, facing a growing wave of cyber threats—from state-sponsored […]