February 26 to 28, 2014
Montréal, Canada

Security Conference in Montréal

Security: Two-factor authentication has gotten lots of attention lately. It's being praised as a way to help eliminate passwords and already has several major companies adapting their practices to use it. Let me guide you through the world of 2FA, some of the basic concepts (with examples) and dive deeper into the associated protocols and RFCs.
Security: This session will outline security practices and solutions designed to address security issues within an application's business and processing logic, which are often overlooked in favour of basic security flaws such as SQL Injection, XSS, etc. The session will focus on how to implement mechanisms for improving data access, avoiding common ACL pitfalls, etc.
Security: Password reset functions are common and fairly rarely tested. Yet these functions can have several critical vulnerabilities that compromise the entire application.

In this presentation, we will look at code examples as well as attacks against several categories of flaws.
Security: API creation within JavaScript introduces a whole new array of security and request issues that traditional APIs never encounter. In this session we'll explore several principles behind JavaScript API design and architecture, including OAuth 2 in the JavaScript model, Cross-Origin Resource Sharing for browser security constraints, building action automation with HATEOAS, and challenges behind secure resource consumption through JavaScript.
Security: What's the worst that could happen if your app has a dependency on a malicious gem? How easy would it be to write a gem that could compromise a box?

Much of the Ruby community blindly trusts our gems. This talk will make you second guess that trust. It will also show you what malicious gems can do, how an attack could be executed, how to vet gems, and what the Ruby community can do to increase security around gems.
Security: HTML 5 is the latest incarnation of the HTML standard. While HTML 5 brings a number of widely criticized security issues, it also includes important security advances. This talk will press beyond the hype and examine some of the new features of HTML 5, explain how they work, and relevant security topics. The intent is to familiarize the audience with the new, security related aspects of HTML 5 and how they will change the app security landscape.
Security: It has held the number one spot in OWASP's famous Top 10 since the beginning of time. Some say (OK, just me) that everything in security is about injection at one point or another.

If you have no idea what injection is, or what it can do to your application's security, this presentation is for you.

The detailed content will be adapted to the audience during the session.
Security: While embarking on a year-long project to deploy SSL to 100% of Twitter users, our team worked through many challenges and performance issues.

In this talk, I'll discuss those challenges and issues involved in deploying SSL to 200 million+ users.

I will also discuss the current risks facing administrations (NSA/Prism, Key management, CRIME, BEAST, and BREACH) when implementing SSL at any scale, and mitigations (HSTS, cipher selection, etc.).
Security: What happens when end-users have the motive, opportunity, and skillset to attack our software? When two hacker conferences hosted a six-week capture-the-flag contest, organizers learned first-hand how this impacts the software development life cycle (SDLC). We will discuss wins and losses, successes and failures, and hard lessons learned.
Security: Constructing a successful and simple API is the lifeblood of your developer community. As we construct our API we need a secure way to authenticate and track apps & requests; OAuth 2 provides us with a secure and open way of doing just this.

In this talk, we will examine REST and OAuth 2 as standards for building secure API infrastructures, exploring architectural decisions in choosing REST standard variations and implementations of OAuth 2.
Security: With the erosion of privacy that we have been seeing lately, shouldn't we be more committed to protecting our users' data, sometimes even from our own application? This presentation will follow the evolution of crypto in JavaScript: the hits and misses. We will then discuss the importance of bringing more security to the client side, and what tools we can build to achieve it.
Security: PHP developers must consider a variety of factors to ensure the utmost security of their software. Programming errors are not always to blame for failures; conceptual flaws and simple configuration mistakes risk rendering an implementation useless. In this talk, security expert Arne Blankerts provides PHP-specific solutions to common problems. Since security hazards are best avoided, there is a strong emphasis on detection of sources of trouble.
Security: File upload is an integral part of modern web applications. Whether images or documents, several risks come with accepting files from a user. The most common attacks will be presented, ranging from simple "webshells" to more advanced configuration problems related to the "same origin policy".
