February 25 to 27, 2026
Montréal, Canada

Security Conference

The list of presentations is subject to change without notice.
Security: Passkeys, using the WebAuthn protocol, replace passwords with stronger, simpler, and phishing-resistant authentication using your device's built-in security or a dedicated hardware key.
Let's look at passkey authentication and its implementation in ASP.NET Core applications. We'll demonstrate how to integrate passkey authentication into your projects. We will also explain origins and why they matter in a passkey deployment.
Security: AI agents and automated workloads are now interacting directly with production systems, making API calls, triggering automation, and even writing data at machine speed. This creates new risks: over-privileged tokens, opaque decision-making, and lack of real-time control. In this session, we show how to secure these workloads using identity-aware proxies, OAuth 2.1, and Zero Trust policies.
Security: Securing APIs has become more standardized with modern solutions like OAuth2, OIDC, SAML, and JWT. Now, tools like Keycloak and Symfony’s new features simplify implementing these protocols.
As an API developer, you’ll learn to enhance your API’s security. As an API consumer, you’ll discover how to interact securely with external APIs. Join us to master secure API practices, without the complexity!
Security: Ever had to add the ability to your ASP.NET Core web application to authenticate users? Be honest: did you fully understand what you were doing, or did you just copy-paste some code from StackOverflow or your favorite AI assistant and hope for the best?

In this session, I'll explain how authentication actually works in ASP.NET Core from start to finish. Bring your questions, and leave your fear of AddAuthentication() behind!
Security: Explore how to implement encryption correctly in real-world applications beyond just cryptography. Using live demos, learn architectural patterns for end-to-end encryption, perfect forward secrecy, secure device migration, and metadata protection. Attendees will gain practical knowledge to build truly secure systems that scale and avoid common pitfalls.
Security: CSRF vulnerabilities were thought to be a thing of the past thanks to automatic protections integrated into APIs, which require a token or header. Many client-side scripts automatically inject these tokens or headers. The "Client-Side Path Traversal" attack abuses this mechanism. Several examples of vulnerable code will be presented. This talk will also offer solutions to effectively mitigate this emerging risk.
Security: A cryptic videotape haunting its viewers, a shape-shifting entity haunting a research station, or an astronaut unknowingly carrying an alien onto a spaceship, do these scenarios sound familiar? These horror movie plots share similarities with creepy scenarios in web security you have already encountered. In a horror movie, a team should never split up, so please join me in countering the horrors of injection, broken access control and others!
Security: This session demystifies the vulnerability lifecycle for Java devs: how flaws are found, scored (CVSS), and disclosed.

Learn the key databases (NVD, GitHub Advisory, OSS Index) and the tools that use them.

Get hands-on with discovery (SBOM), remediation (VEX files) and their associated tools. Also learn how to handle framework End-of-Life.

Turn security from burden to advantage in your Java projects.
Security: When it comes to securing AI, protecting the model is often a tiny piece of the puzzle, if not a distraction from the real risks.

This session presents a full-stack security approach for your entire AI pipeline. We'll cover everything from initial threat modeling and data handling policies to the practical details of protecting your cloud infrastructure, APIs, and keys. Learn to secure AI end-to-end.
Security: What if the code you’re shipping isn’t yours anymore? The scariest JavaScript bugs don’t always come from your team, they come from open-source packages that have been possessed. This talk digs deep into the dark world of supply chain tampering: what it looks like, how it happens, and what modern devs can do to protect themselves. We’ll talk tamper detection, package provenance, lockfile integrity, and even how to set up GitHub Actions.
Security: In summer 2024, I became a repo man for a day—legally reclaiming a vehicle without confrontation. In this talk, I share how I approached it like a capture-the-flag challenge: planning, intel gathering, analysis, and execution. I cover legal recovery, avoiding counterattacks, and lessons on personal security my adversary could have used to stop me.
Security: Ever wonder what’s lurking in the dark corners of your node_modules, like unidentified flying dependencies sneaking aboard your project? In an age of escalating software supply chain attacks, knowing exactly what you're shipping is as vital as tracking strange lights in the sky. This talk will shine a beam on SBOMs (Software Bills of Materials), explaining why frontend developers should care and how to generate one.
Security: In a server-side app, it's easy to find out what went wrong from logs. But what about the client side? The W3C's Reporting API, Content-Security-Policy, Network Error Logging (NEL), and the Reporting-Endpoints HTTP headers can let you know about all kinds of client-side issues that you might otherwise never see. Find out how to use them, monitor what they're up to, and solve all the issues that only your customers have been seeing!
Security: This is a workshop on OAuth2 and how to implement it on the client and server side. First I will describe the essential mechanics, and the "almost" standards (there exist a few implementations, unfortunately).

Then I will describe, and allow you to diagram your own data structure and see how it integrates with your current data structure.

Then I will demonstrate how to generalize the implementation so it is database driven and not hard coded!
Security: LLMs are often pitched as coding co-pilots, but their true long-term value for engineering teams can be in tackling the tedious work nobody wants to do.

This session will present a selection of practical, "boring" LLM use cases, such as the enforcement of security policies and training. We'll have a critical look at what to trust and how to verify an LLM's output when it comes to code and knowledge transfer.
Security: AI tools are rapidly embedding themselves into every layer of the modern development stack, whether via design platforms, IDEs, chatbots, review services, MCP servers, or CLI tools. But what happens to your sensitive data and code when these tools are involved? What are they really up to behind the scenes, and what risks do they introduce?

We'll take a practical tour of threats, vectors, and defensive strategies to help you use AI tools safely.
Security: AI is built on probability, not certainty. Security is built on definitely.
From image classifiers to Generative AI, these systems operate on “most likely correct,” raising new security questions. Can we apply the same deterministic models we’ve trusted for decades, or do probabilistic outcomes demand new thinking? This talk explores the risks, when traditional tools still apply, and how to keep teams safe as AI assistants reshape workflows.
Security: This talk offers a practical guide to AI-specific vulnerabilities and to attack and defense techniques, with red teaming demonstrations on LLMs. Controlled attack methodology (prompt injection, exfiltration), robustness metrics, and implementation of runtime guardrails.
Security: This session demonstrates how to detect, analyze, and prevent prompt leaks and persona failures in large language models. Participants will learn proven techniques and tools for securing AI prompts, enforcing consistent bot behaviour, and integrating evaluation and threat modelling into real-world engineering workflows.
Security: The current leading cause of breaches is credential abuse. In 2024, 93% of organizations faced multiple identity-related breaches, driven by secrets sprawl across code, scripts, and tools. Attackers exploit plaintext credentials daily.

This talk delivers an end-to-end roadmap to secure the vast majority of these identities, belonging to machines at scale: detection, vaulting, developer workflows, rotation, and governance.
Security: Modern applications face security challenges across the full software lifecycle, from development to production. This session explores strategies to integrate vulnerability scanning early in the IDE, enforce secure practices in CI/CD, and monitor running systems. Learn how to identify, remediate, and prevent security risks throughout the SDLC, creating resilient, secure applications without slowing development.
Security: Since 2003, the Open Web Application Security Project has curated a list of the top ten security risks for web applications. In 2025, the first update to the list in four years has finally been released.
Time to have a look at what's new, what has changed, and to get an up-to-date refresh on how to create secure web applications and prevent the top ten risks from happening. We will also discuss whether the list is still relevant, and what's missing.

Explore the 191 presentations