March 8-10, 2017
Montreal, Canada

Security Conference

Security Passwords are bad. We all know it, but we also know you're not going to build a service that doesn't use them - not if you like paying the rent. However, we can do a lot better. We'll take a whirlwind tour through the aspects of connecting people to your service, from generating passwords, not using passwords at all, creating users with one tap, identity providers, automatic cross-device sign-in, and password managers. Sign-in should be simple.
Security As developers we tend to do a poor job of implementing cryptography and other security measures in our systems. Often the primitives used are out of date and overlook very subtle flaws. These mistakes lead to systems that are hopelessly insecure despite our perception that we’ve built an impenetrable fortress. Fortunately there are a few tools and techniques at our disposal that can ease some of the pain. In this talk we’ll explore some of the most
Security In today's world where everything moves towards https and other TLS secured connections, certificate management is more important than ever. Through the use of the ACME protocol, LetsEncrypt provides the infrastructure, but to make it a scalable solution from a management perspective, integration is needed. In this talk I'll take a look at how we integrated with LetsEncrypt for the postgresql.org infrastructure management, to reach zero manual work
Security Most web developers have some knowledge of input sanitization and encryption, but what happens when you forget an edge case or when users are connected to a rogue access point?

Through the use of technologies like strict transport security, content security policy, sub-resource integrity, and the referrer policy, web developers can instruct browsers to add a second layer of defenses against the most common attacks.
Security Nowadays, HTML5 and its APIs enable new applications but also create new opportunities to exploit security flaws: data leaks, file access, JavaScript interactions, iframes: everything moves faster and we do not always pay attention to the consequences. What are the risks? The protections? Did you know that your identity can be tracked with the Battery API in your smartphone browser?
Security It's well known that Microservices Architecture can help pave the way to more resilient, decoupled and flexible apps. There are nuances to getting Microservices right however, and one such fundamental is securing them! It's essential that your services can be properly secured from both an authentication and authorization perspective.
In this talk we will cover our solutions for securing Microservices & our journey at Red Ventures to get there.
Security Apps and services depend on secrets like tokens or passwords for authentication. But neither env vars nor files provide a secure, flexible and PCI-compliant transport mechanism for cloud and containers. With Custodia we developed an HTTP and JSON based protocol and reference implementation for authentication, routing and auditing of secrets. It combines Unix sockets and sVirt with JOSE and PKI to request secrets from a store or 3rd party vault.
Security It happens even to tech giants: they get hacked and client databases get leaked. Let's look at what data is the most sensitive and what steps we can take to protect it, while still keeping all of the user experience intact. Come see why most web applications do passwords and credit card information wrong.
Security The CPython interpreter has seen a fair share of security incidents. As a core contributor and member of the security team I have been involved in fixing security bugs and hardening Python. You will learn about past vulnerabilities in Python's dict implementation and standard library modules, how to avoid common mistakes and recent improvements of ssl, hashlib and the random number generator.
