SecurityLe top 10 de l’OWASP est une référence mondialement reconnue dans les communautés infosec et devops. Malgré tout, l’émergence de nouvelles technologies web ainsi que des fonctionnalités de plus en plus riches amènent de nouveaux vecteurs d’attaque. Nous présenterons plusieurs exemples de vulnérabilités moins connues mais tout aussi dangereuses et également des recommandations afin de s’en protéger.
SecurityProper and correct authentication is a fundamental requirement for authorization and access control. Plain passwords logins is ubiquitous, but no longer state of the art. This talk will give you an overview of various alternatives and their crypto starting with password hashing over Unix sockets, 2FA, certificates, and hardware tokens to federated Single Sign-On solutions like Kerberos or OpenIDC.
SecurityTLS is the most important and widely-used protocol for secure and encrypted communication, e.g. HTTPS. It offers more than just encryption. TLS also ensures data integrity and strong authentication with X.509 certificates. Did you ever wonder how TLS and CAs actually work? I'll give you the rundown of the basic cryptographic building blocks, protocol handshake, inner structure of certificates, PKI, and what's new in TLS 1.3.
SecurityIn Rails, cookie-based sessions are encoded, signed and encrypted by default magically. However, it is hard to do the same thing with Sinatra or Rack. In this session, I will introduce how decorator pattern works in Ruby and show how flexible it can integrate with cookie-based session encoding instead of installing gems like "rack-session-encryption" or "encrypted_cookie".
SecurityLes moteurs de template sont de plus en plus communs aux applications Web modernes. Malgré l’intérêt que cela apporte aux développeurs dans la logique et la lisibilité du code, la mauvaise implémentation des moteurs de template amène de nouveaux enjeux de sécurité. Cette presentation a pour but d’introduire une nouvelle classe de vulnérabilité communément appelée “Server Side Template Injection” a travers différents cas d’implementation.
SecurityAlice and Bob have covered the basics of secure communication but cryptography can offer us more than this. After a brief refresher on the basics, we'll take a look at some of these other aspects of cryptography including hash functions, elliptic curves and quantum cryptography. Then we'll take a look at some practical applications answering questions such as: can I trust a web of trust? or should I use a block chain for this?
SecurityWe being surveilled! Governments and companies collect data. Hackers want that data.
What can software as a service providers do to protect data at rest? What if you need to work with that data? End-to-end encryption isn't an option, so where do we turn?
In this talk, Ben discusses and demos ways to securely and anonymously handling and distributing sensitive information between users, without allowing the raw data to give anything away.
SecurityPHP 7.2 includes the libsodium cryptography library by default in the base language - the first time that a popular language has shipped with strong, modern crypto support as standard. Everyone can build secure apps without the risks of rolling your own crypto or using outdated libraries. So what's in libsodium? What kind of things can you do? What mistakes does it prevent you making? What risks remain?
SecurityI'm the maintainer of a very popular open-source PHP package - PHPMailer. In December 2016, two critical vulnerabilities were found in PHPMailer, affecting potentially millions of sites. I'd been involved in reporting minor security issues in the past, but nothing of this magnitude, and never at the receiving end. I found myself at the start of a steep learning curve and an emotional roller-coaster; a story of open source, CVEs, and people.
SecurityYou're building a high performing, cross-platform web app, with JavaScript, some sweet APIs, and of course Markup, and the term "static site" just doesn't cut it anymore. Now you want your users to be able to securely store their data in your app, using a familiar identity provider like Facebook or Github.
Learn how to easily add Auth0 powered authentication to your JAM Stack app, and sleep soundly knowing your users secrets are safe.
SecurityStopping viruses is hard. They're clever, evolve, and become more resilient over time.
So let's write one! We'll see how they hide, how they propagate.
In this presentation, Ben takes you on a live-demo journey of self-replication, cryptographic obfuscation, and payload delivery.
Now you're thinking like a virus writer, you can anticipate which areas of your applications need hardening. Just remember, we're doing it for good, not profit!
To provide the best experiences, the usage of cookies are necessary. Some are essential for the proper functioning of the site, while others help us better cater to your interests.