SecuritéThe concept of Cross-site Scripting (XSS) is over 20 years old, but the attack does not seem to go away. There is finally light at the end of the tunnel: Content Security Policy is a W3C standard that can effectively limit which JavaScript code a browser is allowed to run. In this session we will have a look at different features and versions of CSP, provide best practices for using this technology, and also analyze implementation strategies.
SecuritéYou’ve probably seen how a ASP.NET Core application works, but authentication and authorization are a different cup of tea. Microsoft completely re-did a large part of these security features in ASP.NET Core.
We'll look at the different case of doing authentication for your application, with ASP.NET Core Identity or by using a token service (STS). When that's done we'll dive into the authorization part which is also completely overhauled.
SecuritéWeb applications are getting more complex. A lot of effort has been deployed in web frameworks.
On the other side, the infrastructure used is rarely scrutinized by developers for potential vulnerabilities.
This talk will show you how the use of a cache server can introduce serious vulnerabilities to your web applications. It will cover Web Cache Deception, ESI injection and Cache poisoning. These attacks have all emerged in the past two years.
SecuritéDLL Injection sounds like some black magic used only by hackers. However, it is used widely in the Windows ecosystem by multiple antiviruses and system utilities. During the presentation I show how we can use it to change 3rd party applications, how to write simple keylogger in 20 lines of code, and how to inject both native and managed code into other applications. We will see memory management on x86 and some Windows internals.
SecuritéExperience with security is a useful and even profitable skill for every technical and non-technical employee in IT. Contrary to common stereotypes, security is far more than black hoodies, math and crypto. It's also humans and communication skills. Attendees of my talks regularly ask me how to get started. Let me introduce you to diverse areas of info sec and point you to books, online courses, talks, and other resources to get you started.
SecuritéEvery month, we hear about a new data breach and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution, let’s stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, the attendees will learn about some of the alternatives and how to implement them.
SecuritéRemember when setting up an auth system was easy? Me neither. From the signup form, the login form, password reset form, and all the validation in between it can easily take weeks if not months to get something basic up and running. Then you have to deal with all the security considerations. No thanks. During this presentation, the attendees will be introduced to OpenID and OAuth and learn how to use them to make more secure apps.
SecuritéThe story is always the same; if you want to create a JavaScript centric app with API and identity security, you’re told that you need to have a server-side component for handling your identity and application security. That’s simply not the case in modern development.
In this session we'll look at client-side identity, API, and token security, exploring token downscoping methodologies, key management tools, and security on the client.
SecuritéFrom IoT thermostats to self-opening windows, there's an off the shelf product out there that will allow you to control your home. Proprietary hubs in the cloud allow you to control your home from anywhere, but also gives the vendor full control!
In this talk, Ben discusses tools and components available today, to create your own home automation system. Keep control over your data, and still turn off the oven from the other side of the world!
SecuritéIoT has been, and still is, a very hot topic. Same for security. Mix the two, and we get all sorts of scary news headlines.
In this talk, Ben will discuss ways in which you can improve the security of your IoT applications, using a live demo around automatic doors as an example.
SecuritéThe EU new General Data Protection Regulation (GDPR) came into force in May 2018, significantly raising privacy & data protection standards. Its effects are being felt around the world, helping users to regain control of their own data outside of Europe too. As part of this, privacy by design provides a primary line of defence between companies and terrible headlines. Learn what developers & project managers need to know about GDPR in this talk.
SecuritéKeeping your web application secure and free from vulnerabilities is hard work, even if you know the OWASP Top 10. In this talk I will show tools, best practices and patterns to help you with this, so that you can find security issues before an attacker does and even prevent them in the first place.
SecuritéIn this talk, i speak about some basics actions to secure your API. Keeping in mind that an API remains a web application, without html/javascript, i will do a demo of SQL injection and then quickly review the OWASP top 10 application security risks. From there i zoom on authentication doing a focus on oauth2/OpenID Connect. Stepping to API Management, i deep dive on some features that can help us to secure our APIs.
SecuritéUsing JSON Web Tokens (JWTs) for API Authorization can have awesome benefits over the more traditional session-ids approach: stateless verification/authorization, cross-domain and being client-side readable, but using JWTs on the web can be contentious. There is a lot of concern (and a lot of FUD spread) about using JWTs in web apps, specifically about storing the JWT in localstorage, but luckily there is a better way...
SecuritéThe Open Web Application Security Project (OWASP) curates a list of the top ten security risks for web applications and how to mitigate them. The ever changing world of web development created a challenge for the 2017 list, which needs to combine both existing approaches and modern trends in web development. We will have a look at each item in the list, see what can go wrong (with code!), and make sure that this won't happen in our web sites.
SecuritéTLS encryption is an important part of websites, service and app deployment, and plays a vital role in protecting data in transit. TLS 1.2 has been around since 2008, and it's being replaced by the excitingly-named TLS 1.3. This talk will give you a rundown on the shortcomings of TLS 1.2 and earlier versions, how and why 1.3 changes things, and what changes you may need to make in your deployments to take advantage of the 1.3 enhancements.
Pour offrir une bonne expérience, l'utilisation de cookies est nécessaire. Certains sont essentiels au bon fonctionnement du site, tandis que d'autres nous aident à mieux répondre à vos intérêts.