Second edition of sec4dev Dialogues brings insightful content and lively exchange
On June 17, SBA Research and its partner Condignum hosted the second edition of the sec4dev Dialogues event series.
Security for Software Developers is essential. The current threat landscape and security incidents in recent years make it clear: the topic is more relevant than ever. This is also reflected in legislation, such as the NIS-2 Directive, the Cyber Resilience Act (CRA), and the Product Liability Directive (PLD).
The key takeaways from the five insightful talks are:
LLM Security: Risks of Prompt Injection Attacks
Caroline König & Sebastian Schrittwieser, University of Vienna
- LLMs are vulnerable to prompt injections, where predefined instructions can be overridden.
- The risk becomes critical when LLMs have access to external systems.
- Since there are no reliable safeguards yet, developer awareness is crucial.
SBA Top 10 Software Vulnerabilities – A Retrospective
Fabian Funder and Philipp Schweinzer, SBA Research
- Identification of trends from existing pentest data.
- Misconfigurations, particularly in cryptographic settings, are the most common security risks.
- Analyses should consider not only the frequency but also the severity of vulnerabilities.
Leveraging the Kubernetes Storm Center for Security Exposure Testing
Constanze Rödig
- A resilient SOC for distributed systems is achievable by combining proven eBPF security tools with Pixie’s innovative node-local architecture.
- Dynamically adaptive tracing, which automatically zooms in based on threat models, is key to manageable data volumes – eBPF is ideal here as it modifies the kernel in real time.
- The Bill of Behavior (BoB), a sort of “package insert for containers,” enables verified anomaly detection (though DIY is also possible).
Passkeys (in 2025)
Matthias Neumayr, Condignum
- An exciting technology aiming to replace passwords with a more secure and user-friendly alternative.
- The protocol is not yet finalized; ongoing development is adapting it to practical needs.
- Interoperability challenges remain across ecosystems (Android vs. iOS vs. Windows vs. Linux).
CRA Legal Security: Practical Questions and Answers
Gerald Sendera and Mathias Tausig, SBA Research
- Compliance is required starting in early 2027, with harmonized standards currently in development.
- Most required measures align with established best practices in secure software development.
- Ideally, an SDLC (Secure Software Development Lifecycle) should be implemented according to OWASP SAMM.
Following the five exciting talks, the mild summer evening was the perfect setting for engaging conversations over food and drinks on the terrace. We would like to thank all participants, speakers, and our partner Condignum for making the event a success. We look forward to the next edition of sec4dev Dialogues in 2026!