SecuritéIn September 2021 the old root CA of Let’s Encrypt expired, which caused connection issues all over the world. In my talk you will learn how to debug, understand, and avoid problems with TLS connections and certificates. I will introduce you to various techniques and tools like scanners, packet analyzer, and command line tools for investigating problems.
SecuritéLa sécurité des applications consiste aussi à ne pas exposer d'informations sensibles dans le code (ex. Mots de passe ou clés d'API dans les fichiers de configuration applicatifs).?
Durant cette session, nous verrons comment éviter cela et ainsi renforcer la sécurité de nos applications.
SecuritéTLS encryption is a vital component of a secure internet; The basics are simple, but the practical realities are a confusing forest of acronyms. This talk gives you a breadcrumb trail through the backwoods of TLS, OCSP, ECDHE, HTTP/2, HSTS, and more – the problems it solves, how it works, its component pieces, how to test it, tools and resources to help you keep your data safe, and a glimpse of the future with QUIC and HTTP/3.
SecuritéUnlike JSON Web Tokens (JWT), which gives developers more than enough rope with which to hang themselves, Paseto only allows secure operations. JWT gives you "algorithm agility", Paseto gives you "versioned protocols". It's incredibly unlikely that you'll be able to use Paseto in an insecure way.
SecuritéThe first worm was benign, and designed to highlight security issues, but was so prolific it inadvertently took the Internet down for days. Nowadays, malicious attacks know no bounds. We hear stories of them targeting elections and even entire democracies!
Join me, as we explore why this is a challenge we can overcome and how YOU are part of the solution.
SecuritéJSON Web Tokens, or JWTs for short, are all over the web. They can be used to track bits of information about a user in a very compact way and can be used in APIs for authorization purposes. Join me and learn what JWTs are, what problems it solves, how you can use JWTs, and how to be safer when using JWTs on your applications.
SecuritéLet's talk about OpenID Connect & OAuth 2.0 security best practices in a way that anyone can easily understand.
In this talk, I will cover the fundamentals of user authentication in modern web applications and websites. I will start OpenID Connect and OAuth 2.0, then proceed with exploring stateful (session-based) and stateless (token-based) auth and examine cookies, JWT, and client storage in close detail.
SecuritéSince 2003, the Open Web Application Security Project curates a list of the top ten security risks for web applications. After several delays, the 2021 list was finally released in late September.
Time to have a look at what's new, what has changed, and to get an up-to-date refresh on how to create secure web applications and prevent the top ten issues from happening. We will also discuss whether the list is still relevant, and what is missing.
SecuritéUser privacy is key for your website’s reputation. Data breaches can be caused by the exploitation of an SQL injection or a malicious employee. However, design choices can also cause information leakages about your users. Those include third-party services usage, improper obfuscation or misconfiguration of APIs such as GraphQL. In this presentation, we will explore those weaknesses through examples found on well-known websites.
SecuritéWhen it comes to security, identity management, and access control, it is best to rely on trusted, tested, solid foundations instead of reinventing the wheel. Over the years, Keycloak established itself as the defacto platform supporting OAuth, social logins, and single sign-on. In this talk, we’ll share our recipe to customize, package, and operate Keycloak as we needed to extend it to fit the Ambassador Cloud platform business requirements.
SecuritéModern applications depend on a multitude of Python, Node.js, Rust, or Go packages, which are maintained by strangers and downloaded from public repos. Supply chain can be attacked or fail for other reasons from API breakage to "leftpad", or typo-squatting. In my talk I'll cover techniques and best practices for a stable, secure supply chain as well as insight from a Python security team member and packager for Fedora and CentOS.
Pour offrir une bonne expérience, l'utilisation de cookies est nécessaire. Certains sont essentiels au bon fonctionnement du site, tandis que d'autres nous aident à mieux répondre à vos intérêts.