March 8-10, 2017
Montreal, Canada

Montreal Security Conference

Security Passwords are bad. We all know it, but we also know you're not going to build a service that doesn't use them - not if you like paying the rent. However, we can do a lot better. We'll take a whirlwind tour through the aspects of connecting people to your service, from generating passwords, not using passwords at all, creating users with one tap, identity providers, automatic cross-device sign-in, and password managers. Sign-in should be simple.
Security As developers we tend do a poor job of implementing cryptography and other security measures in our systems. Often the primitives used are out of date and overlook very subtle flaws. These mistakes lead to systems that are hopelessly insecure despite our perception that we’ve build an impenetrable fortress. Fortunately there are a few tools and techniques at our disposal that can ease some of the pain. In this talk we’ll explore some of the most
Security In today's world where everything moves towards https and other TLS secured connections, certificate management is more important than ever. Through the use of the ACME protocol, LetsEncrypt provide the infrastructure,but to make it a scalable solution from a management perspective, integration is needed. In this talk I'll take a look at how we integrated with LetsEncrypt for the postgresql.org infrastructure management, to reach zero manual work
Security Most web developers have some knowledge of input sanitization and encryption, but what happens when you forget an edge case or when users are connected to a rogue access point?

Through the use of technologies like strict transport security, content security policy, sub-resource integrity, and the referrer policy, web developers can instruct browsers to add a second layer of defenses against the most common attacks.
Security De nos jours, HTML5 et ses API permettent de nouvelles applications mais engendrent aussi de nouvelles possibilités d'exploiter des failles de sécurité : fuites de données, accès aux fichiers, interactions JavaScript, iframes : tout va plus vite et on ne fait pas toujours attention aux conséquences. Quels sont les risques ? Les protections ? Saviez-vous que l’on peut pister votre identité avec l’API Battery sur votre navigateur de smartphone ?
Security It's well known that Microservices Architecture can help pave the way to more resilient, decoupled and flexible apps. There are nuances to getting Microservices right however, and one such fundamental is securing them! It's essential that your services can be properly secured from both an authentication and authorization perspective.
In this talk we will cover our solutions for securing Microservices & our journey at Red Ventures to get there.
Security Apps and services depend on secrets like tokens or password for authentication. But neither env vars nor files provide secure, flexible and PCI compliant transport mechanism for cloud and containers. With Custodia we developed a HTTP and JSON based protocol and reference implementation for authentication, routing and auditing of secrets. It combines Unix sockets and sVirt with JOSE and PKI to request secrets from a store or 3rd party vault.
Security It happens even to tech giants: they get hacked and client databases get leaked. Let's look at what data is the most sensitive and what steps we can take to protect it, while still keeping all of the user experience intact. Come see why most web applications do passwords and credit card information wrong.
Security The CPython interpreter have seen a fair share of security incidents. As a core contributor and member of the security team I have been involved in fixing security bugs and hardening Python. You will learn about past vulnerabilities in Python's dict implementation and standard library modules, how to avoid common mistakes and recent improvements of ssl, hashlib and random number generator.

Explore all 156 sessions

Montreal 2017 sponsored by