February 24-26, 2016
Montreal, Canada

Montreal Security Conference

Security If you have had to go through PCI compliance, you know how painful it is to audit and maintain data classification of any Personally Identifiable Information. In this talk, Rida will share how to use tools like Rails' ActiveModel to automate and maintain your classification as part of your application.
Security This talk presents the most common vulnerabilities on mobile devices. Among other things, it details how to securely store the mobile application's data in transit and at rest, and how best to protect the application against external attacks. You will be given simple tools to detect these vulnerabilities.
Security With more and more sites falling victim to data theft, you've probably read the list of things (not) to do to write secure code. But what else should you do to make sure your code and the rest of your web stack are secure? In this tutorial we'll go through the techniques of securing your web and database servers, and securing your backend and frontend JavaScript code. We'll also look at intrusion detection to make sure your customer data stays secure.
Security Proper auth and data security standards are often some of the most misunderstood, confusing, and tricky aspects of building Node apps. Using open source auth techniques and proper data encryption standards, we'll learn how to make intelligent decisions on creating a solid infrastructure to protect our users and data. We'll dive into auth systems, data attack vectors, how to protect your systems, and common security pitfalls in Node.
Security We are in an age where more people have phones than toilets, and there are more active cell phones than people on the planet. How do we protect all of these devices roaming around unsecured locations, especially when they want to pay for something? Learn the secrets behind building a secure mobile backbone, as we explore how to harden security, build systems based on identity confidence, and work towards a future-proofed mobile framework.
Security Single-use codes delivered by email and SMS, mobile phone verification using automated phone calls and installed apps, or standalone physical devices: there's more than one way to do 2-factor authentication.

There are benefits and downsides to each. Learn how each one works, and what is best for you and your users. Avoid common mistakes when rolling out 2FA, and take a look at how you can add one, or many, to your application's login flow.
Security This is not your normal security talk. We're going to look at the data from an ongoing 4-year project to see just how vulnerable the average consumer website is.

We'll dissect the results, pull out some interesting tidbits, stare in horror at the rats' nests we come across and, hopefully, come away with some insights and awareness of the insecurity of the web around us.
Security There is a wide array of protection mechanisms against XSS. Why is XSS still relevant? This talk focuses on the Chrome XSS Auditor, the IE/Edge XSS filter, ASP.NET Request Validation, and Content Security Policy headers. How can these mechanisms be bypassed? What should you check to prevent these vulnerabilities? That is what you will discover in the multiple demonstrations.
