IEEE ISEC 2025 - Building Secure Applications - 5th Talk

March 15, 2025

About IEEE ISEC Conference

The IEEE Integrated STEM Education Conference (ISEC) is a prestigious academic event focused on advancing STEM education. The 15th annual ISEC (March 15, 2025, at Princeton University) brought together educators, researchers, industry professionals, and students to explore cutting-edge approaches to STEM education and workforce development.

ISEC focuses on integrated STEM education—teaching disciplines through interdisciplinary experiences rooted in engineering design and real-world problem-solving. The conference featured keynote speakers, panels on "Responsible Use of AI in STEM Education," student poster presentations, workshops, and industry exhibits.

Talk: Building Secure Applications

Talk Overview and Goals

This talk encouraged students and upcoming developers to prioritize security from the start. With LLMs, AI, and ML playing increasingly significant roles in software development, both new and experienced developers must integrate security into their workflows. While these technologies enhance productivity, they also introduce new risks. The responsibility of protecting applications lies with every developer.

Core Security Principles for Developers

Defense in depth, principle of least privilege, fail securely, input validation and output encoding, and security by design.

OWASP Top 10 and Practical Guidance

Covered the OWASP Top 10 with real-world breach examples and prevention techniques: injection flaws (parameterized queries), broken authentication (MFA), sensitive data exposure (encryption), XSS (output encoding), broken access control (authorization checks), security misconfiguration, and vulnerable components (dependency updates).

Security in the Age of AI-Assisted Development

Addressed challenges with tools like GitHub Copilot: AI-generated vulnerabilities from insecure patterns, over-reliance on AI suggestions, prompt injection attacks, and best practices (review AI code, use static analysis, learn secure coding principles).

Building a Security-First Mindset

Think like an attacker, learn continuously, participate in security communities (BSides, OWASP chapters), and practice ethical hacking (HackTheBox, TryHackMe, OWASP WebGoat).

Slides can be found here: View Slides

NJWEA

Share on

Twitter Facebook LinkedIn

Sheshananda Reddy Kandula

IEEE ISEC 2025 - Building Secure Applications - 5th Talk

About IEEE ISEC Conference

Talk: Building Secure Applications

Talk Overview and Goals

Core Security Principles for Developers

OWASP Top 10 and Practical Guidance

Security in the Age of AI-Assisted Development

Building a Security-First Mindset

Share on

You may also enjoy

LLMSec Demo: Interactive Security Training Platform for LLM Vulnerabilities

ISC2 & IIA Joint Cyber/AI Training Day 2025 - LLMsec: A Practical Guide to Attacks and Mitigations - 10th Talk

BSides Delaware 2025 - LLMsec 2025: A Practical Guide to Attacks and Mitigations - 9th Talk

HOPE_16 2025 - Quantum Computing and AppSec: Preparing for the Post- Quantum Threat - 8th Talk

Sheshananda Reddy Kandula

About IEEE ISEC Conference

Talk: Building Secure Applications

Talk Overview and Goals

Core Security Principles for Developers

OWASP Top 10 and Practical Guidance

Security in the Age of AI-Assisted Development

Building a Security-First Mindset

Share this post

Share on

You may also enjoy

LLMSec Demo: Interactive Security Training Platform for LLM Vulnerabilities

ISC2 & IIA Joint Cyber/AI Training Day 2025 - LLMsec: A Practical Guide to Attacks and Mitigations - 10th Talk

BSides Delaware 2025 - LLMsec 2025: A Practical Guide to Attacks and Mitigations - 9th Talk

HOPE_16 2025 - Quantum Computing and AppSec: Preparing for the Post- Quantum Threat - 8th Talk