December 5-7, 2016
Vancouver, Canada

Security Conference

Security Cross-Site Scripting is one of the main risks for web applications - a position it has heal for over a decade! With Content Security Policy, this threat may finally come to an end. The W3C standard provides techniques to close many XSS vectors, offers fine-grained control over the security limitations you impose, and enjoys a decent browser support. We will show what CSP is capable of and also discuss how you may need to refactor your website.
Security In this talk, we will go over some of the most common attack vectors in code and how to protect against them while you write or edit a WordPress theme or plugin. Topics covered: escaping in WordPress, SQL and data sanitization, current_user_can(), using nonces to protect against CSRF, and WordPress and PHP security gotchas.
Security To protect our users and provide reliable, useful services, we need developers, engineers, SREs, information security, and the business savvy to all pull together. Rather than rely on onerous and (seemingly) abstract security recommendations, we need to understand what we're up against: who is attacking us? What are their motives, their capabilities? Let's threat model! Learn how to assess what defenses are meaningful and which are a waste of time.
Security Building a modern API architecture is a constant struggle between ease of development and security. JSON Web Tokens (JWTs) introduce a means of building authentication into JSON objects being transmitted through APIs.

In this session we’ll explore how JWTs work to build verifiable and trusted objects, allowing them to be combined with standards such as OAuth 2 for capturing access tokens, leading to a secure means of JavaScript SDK dev.
Security This talk will teach you the principles and practices of how to protect yourself from both active and passive attackers during day-to-day operations. We will focus on human aspects and the psychology of how people work to help you protect your information from any number of adversaries, in part by understanding, developing and applying suitable defenses across all layers of "cyber."

Explore all 104 sessions

Vancouver 2016 sponsored by