21 au 23 février, 2024
Montréal, Canada
Conférence Securité à Montréal
Securité
JSON Web Tokens are everywhere - you are using a bunch of them right now. It's such a common technology, yet, it's very easy to get them wrong. In this session, we get to the nitty gritty of JWT's - what they are, how they work, and how to make sure that we haven't made an app that just waits to be hacked.
Securité
The Symfony Security component has recently been totally reworked in order to make it simpler to use and extend. In this talk we’ll make a deep dive into the component and dissect all the many concepts of its architecture such as authentication, passport, badges, authorizations, voters, etc. You’ll also discover how to create custom authenticators, make password less authentication with magic links and login throttling mechanisms.
Securité
In this talk we'll have a comprehensive look at the most common security risks that affect mobile applications according to the Open Web Application Security Project, with interesting code samples in C#, as well as some tips and tricks on how to prepare our app to walk around each potential security risk.
Securité
How can a tiny vulnerability in a web application lead to to a take over of your complete Kubernetes cluster and cloud provider account? In this talk, I'll show you on a live system, how a hacker could end up doing exactly that. You will learn about different attack vectors, and how you can protect yourself against each one of them with a multi-layered security strategy. And all of this with the help of open-source tools.
Securité
In this session, I dissect how we built an edge computing device into a conference badge, while enabling it to reliably report metrics on the (badge) wearer to a health check and monitoring system.
The talk focuses on the software challenges of edge computing. I specifically look at "noisy environments", network isolation, and trust barriers to illustrate what goes into the "dos" and "do nots" of building reliable workload orchestration.
The talk focuses on the software challenges of edge computing. I specifically look at "noisy environments", network isolation, and trust barriers to illustrate what goes into the "dos" and "do nots" of building reliable workload orchestration.
Securité
This talk wants to provide you with a boilerplate knowledge on encryption and how to encrypt and decrypt data in PHP with public and private keys. It will be demonstrated with live code for attendees to follow.
Securité
In recent years, the ways that we can deliver HTTP has improved in occasional leaps, from 1.0, 1.1, a big step to 2.0, and now 3.0. One of the biggest obstacles has been TCP, which isn't a great fit for HTTP, but we are stuck with it – or are we? QUIC is a reimagining of TCP that runs over "the other protocol", UDP, giving us yet another step up in performance and security. Discover how it works, and how you can deploy it today.
Securité
Cross-Site Scripting (XSS) is still one of the most common vulnerabilities in web applications, despite well-known and effective countermeasures. Often neglected however are XSS issues when using a Single-Page Application (SPA) framework like Angular, React, or Vue.js. We will have a look at those systems, analyze the attack surface, and look for both specific weaknesses and specific countermeasures. A must-see session if you are using SPAs.
Securité
In this session, I dive into the process of building a secure workflow for infrastructure deployments, starting from a developer's machine to deploying protected workloads in "production".
I look at separation of concerns from a security and networking perspective and highlight the skills operations engineers may need to level up.
Attendees can expect to learn which design patterns matter, which don't, and how to implement them at scale.
I look at separation of concerns from a security and networking perspective and highlight the skills operations engineers may need to level up.
Attendees can expect to learn which design patterns matter, which don't, and how to implement them at scale.
Securité
Attackers write crafty code to compromise apps, steal data, and cover their tracks. To protect against them, you must understand them.
Learn from our real-world ecommerce breach investigations as we demonstrate weaknesses & exploit techniques.
See code used to create hidden persistent backdoors, covertly capture & exfiltrate credit card data, and hide evidence of attacks.
Leave with new protection strategies along with a top 10 cheat sheet.
Learn from our real-world ecommerce breach investigations as we demonstrate weaknesses & exploit techniques.
See code used to create hidden persistent backdoors, covertly capture & exfiltrate credit card data, and hide evidence of attacks.
Leave with new protection strategies along with a top 10 cheat sheet.
Securité
Let's delve into the realm of online authentication. From traditional passwords to WebAuthn and Passkeys, we'll explore the history, security enhancements, and improved user experience.
Don't miss this insightful talk on the current state of authentication and the future of digital identity, as we examine whether passwords are on the brink of obsolescence or still have a role to play in our increasingly connected world.
Don't miss this insightful talk on the current state of authentication and the future of digital identity, as we examine whether passwords are on the brink of obsolescence or still have a role to play in our increasingly connected world.
Securité
WebAssembly has been available in all major browsers, and Node.js, since 2017. Since then, additional features have been added and its use has expanded outside the browser to places like edge and serverless computing, containers, and IoT. It's even possible to leverage it from within your code! In this talk, you'll learn how WebAssembly works and about the new capabilities that have been added.
Securité
Threat Modeling is critical to achieving design goals for system security and data privacy.
This talk presents Threat Modeling Capabilities you can use to implement or reorganize an organization wide practice.
Using a business capability format, we will cover those areas at a high level: Strategy, Education, Creating and Acting on Threat Models, Communications, Measurement and Program Management.
This talk presents Threat Modeling Capabilities you can use to implement or reorganize an organization wide practice.
Using a business capability format, we will cover those areas at a high level: Strategy, Education, Creating and Acting on Threat Models, Communications, Measurement and Program Management.
Securité
You will learn about the most common security vulnerabilities in node.js and see how you can fix them with real life code examples. I'm going to bring my experience as Node.js core collaborator and member of the security working group, and we will go through some of the vulnerabilities that have been fixed in the past.
Securité
Do you know how to secure your APIs? Tokens alone are far from enough. Automated direct access to the application business logic allows whole new classes of attack vectors and vulnerabilities - data extraction, impersonation, rogue access, and more. You can deploy countermeasures like elevated access requirements, multi-factor auth, response limits, etc. Let's explore both sides of that coin to let you properly design security for your APIs.
Montréal 2024
sponsored by
© 2010-2024 ConFoo. Tous droits réservés. Code de conduite
Gestion des Cookies
Pour offrir une bonne expérience, l'utilisation de cookies est nécessaire. Certains sont essentiels au bon fonctionnement du site, tandis que d'autres nous aident à mieux répondre à vos intérêts.