SecuritéWebsockets became very popular over the last few years, regular security tools are not catching a lot of the security issues related to websockets. Most popular tools are more suited to the HTTP protocol. This talk will outline the various gaps in existing tooling available to test applications that use websockets. It will also demonstrate a new opensource tool which was designed specifically for testing websockets.
SecuritéSecurity testing is an important part of the development process. Understanding the security posture in your live production environment and measuring real threats is equally important. Should you perform testing on production? In this talk we will share the perspective of an experienced pen-tester, who has seen what happens when things don't go to plan. We will then help devise the best testing strategies for maximum payoff and minimum risk.
SecuritéWe are in an age of technological revolution. The technologies that we read about in fiction and watched on tv shows as children are being built now, all around the world.
This is a time to be excited and hopeful about the benefits that technology can bring to all aspects of our lives and society but also a time to be mindful of the risks we face.
In this talk, we discuss this exciting future and how we can work together to secure it.
SecuritéLes JWT sont très pratiques pour faire transiter des données de manière fiable. Ils sont souvent utilisés pour assurer l'authentication auprès de micro-services ou de SSO dans le cadre d'OIDC. De plus, on voit beaucoup de JWS (des jetons signés), mais ce n'est pas la seule implémentation qui existe. JWT est plus vaste que ce que l'on peut penser. Je vous propose de découvrir des aspects de JWT moins connus que l'utilisation classique.
SecuritéYou and your team have been working on some web apps and APIs for a few sprints now, and you may or may not already have a version running in production, when out of the blue, the client announces that a security company will do an assessment of your project. If your initial reaction to this news is either being scared or concerned, you're probably right. And you should probably attend this session to be better prepared for what comes next!
SecuritéThe idea of isolating services into containers revolutionized the IT world. And while containers are here to stay, most container images in use today are gigantic in size, contain unnecessary even dangerous components or generally are shipping a lot of bloat. And with that killing the very idea of containerization.
Shall we put our containers on a diet, avoid security problems, and, while doing so, even reduce build times? This talk shows how!
SecuritéEmail has been around forever and is taken for granted – but it has become more complicated recently. New features like SPF, DKIM, and DMARC are misunderstood and many get even simple things wrong. Email is radically different to most other protocols, and attempts to treat it like HTTP are doomed to failure.
So we'll go back to basics, review how email works, avoid common mistakes, take advantage of new features, and stay out of the spam folder.
SecuritéKubernetes makes it easy to deploy, manage and monitor your cloud native applications. Security can be a challenge in such a dynamic, containerised environment, though. Ensuring that your containers are not containing vulnerabilities is vital throughout the complete supply chain, from development and CI through deployment and admission controls to security at runtime.
In this talk you will see how you can secure you containers.
SecuritéAussi commun que cela puisse paraître, presque chaque entreprise met en œuvre l'authentification d'une manière différente (souvent complexe). Dans cette session, nous aurons un aperçu des multiples méthodes classiques d'authentification et verrons comment nous pouvons la moderniser en utilisant un projet open source.
SecuritéSince almost 25 years, Cross-site scripting (XSS) is one of the most common risks for web application. Yet today, there are many ways to protect a web application from the attack: browser features, HTTP headers, and special APIs. This talk first discusses why XSS is dangerous at all and then covers countermeasures: Content Security Policy, Trusted Types API, and protection in SPA frameworks. After this talk, there's (almost) no excuse to get XSS.
SecuritéThis session explores how to think about security from the front to the back of a typical serverless application. How do you configure AWS serverless services to provide least-privileged access while ensuring functionality? How should you think about managing IAM policies for your AWS Lambda functions? We cover all this and more, leaving you with concrete examples applicable to almost any workload.
SecuritéThe software supply chain is under constant attack & threat actors look to profiteer off the cracks in its foundation. The JavaScript ecosystem is at the heart of this problem & much of the fear, uncertainty & doubt that are becoming normalized. New exciting tools & innovations that combat these problems are right around the corner. Learn more about the current state & future of security in the JavaScript ecosystem & how to protect yourself today
SecuritéBoite à outils complète pour implémenter des processus d'authentification fluides et sécurisés, Keycloak permet de gérer simplement les identités et l'accès à vos applications de bout en bout.
En quelques actions, vos applications supporteront le SSO, l'authentification multifacteur, la fédération d'identités, la gestion de compte et même le consentement utilisateur.
A tous ceux qui souhaitent améliorer la sécurité et l'UX : rejoignez-nous !
SecuritéArtificial Intelligence is advancing quickly and brings with it some promising applications, but also some scary prospects. Let's talk about some of the security implications, get a better understanding of Adversarial AI, and also look at some of the truly cool things you can do in ChatGPT to improve security.
SecuritéEvery wondered why you are eager to fix some issues and some leave you cold. Every pondered how your brain can affect the security of the software you build? Then this is the talk for you.
In this talk we will look at 4 human behaviours, the psychology behind them and how they affect our ability to protect what matters most. Finally, giving you some tactics to trick your brain and improve security on the way.
SecuritéI've been working with Python typing annotation in the last few years as part of our main product and I've always been curious about how it can be pushed to prevent errors.
Mypy quickly shows value by catching these unexpected `None`, but can we do even better? This presentation explores how advanced features of python typing can be used to prevent insecure use of API leading to common injection attacks.
Pour offrir une bonne expérience, l'utilisation de cookies est nécessaire. Certains sont essentiels au bon fonctionnement du site, tandis que d'autres nous aident à mieux répondre à vos intérêts.