SecurityJSON Web Tokens are everywhere - you are using a bunch of them right now. It's such a common technology, yet, it's very easy to get them wrong. In this session, we get to the nitty gritty of JWT's - what they are, how they work, and how to make sure that we haven't made an app that just waits to be hacked.
SecurityThe Symfony Security component has recently been totally reworked in order to make it simpler to use and extend. In this talk we’ll make a deep dive into the component and dissect all the many concepts of its architecture such as authentication, passport, badges, authorizations, voters, etc. You’ll also discover how to create custom authenticators, make password less authentication with magic links and login throttling mechanisms.
SecurityIn this talk we'll have a comprehensive look at the most common security risks that affect mobile applications according to the Open Web Application Security Project, with interesting code samples in C#, as well as some tips and tricks on how to prepare our app to walk around each potential security risk.
SecurityHow can a tiny vulnerability in a web application lead to to a take over of your complete Kubernetes cluster and cloud provider account? In this talk, I'll show you on a live system, how a hacker could end up doing exactly that. You will learn about different attack vectors, and how you can protect yourself against each one of them with a multi-layered security strategy. And all of this with the help of open-source tools.
SecurityIn this session, I dissect how we built an edge computing device into a conference badge, while enabling it to reliably report metrics on the (badge) wearer to a health check and monitoring system.
The talk focuses on the software challenges of edge computing. I specifically look at "noisy environments", network isolation, and trust barriers to illustrate what goes into the "dos" and "do nots" of building reliable workload orchestration.
SecurityThis talk wants to provide you with a boilerplate knowledge on encryption and how to encrypt and decrypt data in PHP with public and private keys. It will be demonstrated with live code for attendees to follow.
SecurityIn recent years, the ways that we can deliver HTTP has improved in occasional leaps, from 1.0, 1.1, a big step to 2.0, and now 3.0. One of the biggest obstacles has been TCP, which isn't a great fit for HTTP, but we are stuck with it – or are we? QUIC is a reimagining of TCP that runs over "the other protocol", UDP, giving us yet another step up in performance and security. Discover how it works, and how you can deploy it today.
SecurityCross-Site Scripting (XSS) is still one of the most common vulnerabilities in web applications, despite well-known and effective countermeasures. Often neglected however are XSS issues when using a Single-Page Application (SPA) framework like Angular, React, or Vue.js. We will have a look at those systems, analyze the attack surface, and look for both specific weaknesses and specific countermeasures. A must-see session if you are using SPAs.
SecurityIn this session, I dive into the process of building a secure workflow for infrastructure deployments, starting from a developer's machine to deploying protected workloads in "production".
I look at separation of concerns from a security and networking perspective and highlight the skills operations engineers may need to level up.
Attendees can expect to learn which design patterns matter, which don't, and how to implement them at scale.
SecurityAttackers write crafty code to compromise apps, steal data, and cover their tracks. To protect against them, you must understand them.
Learn from our real-world ecommerce breach investigations as we demonstrate weaknesses & exploit techniques.
See code used to create hidden persistent backdoors, covertly capture & exfiltrate credit card data, and hide evidence of attacks.
Leave with new protection strategies along with a top 10 cheat sheet.
SecurityLet's delve into the realm of online authentication. From traditional passwords to WebAuthn and Passkeys, we'll explore the history, security enhancements, and improved user experience.
Don't miss this insightful talk on the current state of authentication and the future of digital identity, as we examine whether passwords are on the brink of obsolescence or still have a role to play in our increasingly connected world.
SecurityWebAssembly has been available in all major browsers, and Node.js, since 2017. Since then, additional features have been added and its use has expanded outside the browser to places like edge and serverless computing, containers, and IoT. It's even possible to leverage it from within your code! In this talk, you'll learn how WebAssembly works and about the new capabilities that have been added.
SecurityThreat Modeling is critical to achieving design goals for system security and data privacy.
This talk presents Threat Modeling Capabilities you can use to implement or reorganize an organization wide practice.
Using a business capability format, we will cover those areas at a high level: Strategy, Education, Creating and Acting on Threat Models, Communications, Measurement and Program Management.
SecurityYou will learn about the most common security vulnerabilities in node.js and see how you can fix them with real life code examples. I'm going to bring my experience as Node.js core collaborator and member of the security working group, and we will go through some of the vulnerabilities that have been fixed in the past.
SecurityDo you know how to secure your APIs? Tokens alone are far from enough. Automated direct access to the application business logic allows whole new classes of attack vectors and vulnerabilities - data extraction, impersonation, rogue access, and more. You can deploy countermeasures like elevated access requirements, multi-factor auth, response limits, etc. Let's explore both sides of that coin to let you properly design security for your APIs.
To provide the best experiences, the usage of cookies are necessary. Some are essential for the proper functioning of the site, while others help us better cater to your interests.