December 5-7, 2016
Vancouver, Canada
Vancouver Security Conference
Security
Cross-Site Scripting is one of the main risks for web applications - a position it has heal for over a decade! With Content Security Policy, this threat may finally come to an end. The W3C standard provides techniques to close many XSS vectors, offers fine-grained control over the security limitations you impose, and enjoys a decent browser support. We will show what CSP is capable of and also discuss how you may need to refactor your website.
Security
In this talk, we will go over some of the most common attack vectors in code and how to protect against them while you write or edit a WordPress theme or plugin. Topics covered: escaping in WordPress, SQL and data sanitization, current_user_can(), using nonces to protect against CSRF, and WordPress and PHP security gotchas.
Security
To protect our users and provide reliable, useful services, we need developers, engineers, SREs, information security, and the business savvy to all pull together. Rather than rely on onerous and (seemingly) abstract security recommendations, we need to understand what we're up against: who is attacking us? What are their motives, their capabilities? Let's threat model! Learn how to assess what defenses are meaningful and which are a waste of time.
Security
Building a modern API architecture is a constant struggle between ease of development and security. JSON Web Tokens (JWTs) introduce a means of building authentication into JSON objects being transmitted through APIs.
In this session we’ll explore how JWTs work to build verifiable and trusted objects, allowing them to be combined with standards such as OAuth 2 for capturing access tokens, leading to a secure means of JavaScript SDK dev.
In this session we’ll explore how JWTs work to build verifiable and trusted objects, allowing them to be combined with standards such as OAuth 2 for capturing access tokens, leading to a secure means of JavaScript SDK dev.
Security
This talk will teach you the principles and practices of how to protect yourself from both active and passive attackers during day-to-day operations. We will focus on human aspects and the psychology of how people work to help you protect your information from any number of adversaries, in part by understanding, developing and applying suitable defenses across all layers of "cyber."
Vancouver 2016
sponsored by
© 2010-2024 ConFoo. All rights reserved. Code of Conduct
Managing Cookie Consent
To provide the best experiences, the usage of cookies are necessary. Some are essential for the proper functioning of the site, while others help us better cater to your interests.