February 28 - March 1, 2013
Montreal, Canada

Montreal Security Conference

Security Presentation of a toolbox that makes it simple to automate the tests used to validate an application against the most common risks (against the OWASP Top 10).
Security You've seen some of the basics of securing your application - validating input, filtering output and the like. Let me take you a step further into more advanced security in PHP. Protecting your application from things like XML injection, insecure sessions & upload issues can be tricky. This session is a how-to on keeping your app safe.
Security Security and usability can co-exist in your application. This presentation will review usability best practices in authentication pages like registration, login and reset password against security best practices. You will also learn how to use visual design to secure your application and avoid visual and UX practices that weaken the overall security posture of an application.

This presentation will be co-presented with Christine Mekhail - UX Designer and Certified Identity Protection Advisor (CIPA) at Software Secured
Security A refresh from last year's code quiz game: 15 new code snippets involving various coding languages will be shown and you will try to identify their security flaws.

The difficulty will increase as we go, and newcomers are welcome: each case will be explained and discussed.
Security What's two factor authentication, and why is everyone talking about it? We'll have a quick overview about why two factor authentication is so important nowadays and then we'll get down and dirty in code with two real world cheap/free implementations (Google Authenticator and Yubikey) that you can use for your webapps.
Security The use of encryption remains an obscure area even today and can lead to serious consequences, even when secure algorithms are used.

The session will present the concept of an encryption oracle, flawed encryption implementations, and a demonstration of an attack in a real-world situation.
Security There is a multitude of static analysis tools for identifying security bugs. The presentation will cover their strengths and weaknesses. Which selection criteria matter when choosing tools? For which types of vulnerabilities are these tools most effective?
Security We will walk through the OWASP Top 10 as applied to JavaScript and see how to develop server-side scripts or browser JavaScript so as to prevent the vulnerabilities listed in the OWASP Top 10.
Security Penetration testing is the preferred way to discover security flaws, often because the company does not know the alternatives, despite its cost and its limits.

Analysis, design, coding, testing, deployment and operations: each phase brings new risks and new opportunities to prevent them. An overview of the opportunities...
Security So you got hacked, how do you clean up as quickly as possible? This talk is DIY Incident Response: quickly identifying the vector of compromise, plugging it, and then finding and removing any backdoors that may be hidden on the system. This will be an expansion of last year's talk, delivered in the form of a narrative, with real-world examples.
Security An overview of the methods for testing your web applications for some of the common classes of vulnerabilities: the OWASP Top 10 and beyond. We will use Vega, demonstrating new features. Vega is a free, open source, multi-OS platform for security testing web applications. Vega is for anyone developing, deploying, or maintaining a web application.
Security According to a study, nine out of ten web applications have security vulnerabilities. Developers seem to have a hard time writing secure apps, so browsers come to their aid: new techniques and protocols like built-in XSS filters, special HTTP headers, and more can help prevent many attacks. This session presents and discusses these new safeguards.
Security Being secure on the web is getting harder and harder - the attacks are happening more and more and we, as web app developers, have to respond. The session will share tips you can follow in your code to ensure that your app stays safe and some tips to help improve investigation and prevent your app from becoming the next statistic.
