Ben Dechrai

Ben Dechrai

Ben is a software engineer with a huge passion for developer communities, and has been running grassroots meetups and conferences for almost two decades. Coding since the age of seven, he wrote his own identity and access management system for MS-DOS 3.0 and Windows 3.1 at the age of 15. He enjoys helping developers find the joy of experimentation by pushing tools to do things they weren't designed for, or developers to do things that might seem wrong.

Sessions Online 2021

Hacking JSON Web Tokens

Session en anglais - Intermédiaire

JSON Web Tokens, or JWTs, are a convenient way to bundle up a set of data (called claims), that can be relied upon by intended recipients such as APIs and Databases. They're verified through signatures and can be used in off-line environments!

The chances that things will go wrong are slim. Right?

Let's look at ways in which JWT implementations can go wrong, through live demos, and learn how to make sure we can trust these handy payloads.

Say Goodbye to Passwords and Hello to WebAuthn

Session en anglais - Débutant

We identify ourselves to websites daily, but as nearly ten billion leaked account details in "';--have i been pwned?" attest to, this process has a fatal weakness: passwords. Public key cryptography is the ideal goal, but until now it's been user unfriendly.

WebAuthn is a standard from the W3C and FIDO that solves this, while making it easy for website users, but how does it work, and how can you use it today?

Let's find out. Demo included!

Sessions Montréal 2019

Sessions Montréal 2018