13 au 15 mars, 2019
Montréal, Canada
Conférence Securité à Montréal
Securité
The concept of Cross-site Scripting (XSS) is over 20 years old, but the attack does not seem to go away. There is finally light at the end of the tunnel: Content Security Policy is a W3C standard that can effectively limit which JavaScript code a browser is allowed to run. In this session we will have a look at different features and versions of CSP, provide best practices for using this technology, and also analyze implementation strategies.
Securité
You’ve probably seen how a ASP.NET Core application works, but authentication and authorization are a different cup of tea. Microsoft completely re-did a large part of these security features in ASP.NET Core.
We'll look at the different case of doing authentication for your application, with ASP.NET Core Identity or by using a token service (STS). When that's done we'll dive into the authorization part which is also completely overhauled.
We'll look at the different case of doing authentication for your application, with ASP.NET Core Identity or by using a token service (STS). When that's done we'll dive into the authorization part which is also completely overhauled.
Securité
Web applications are getting more complex. A lot of effort has been deployed in web frameworks.
On the other side, the infrastructure used is rarely scrutinized by developers for potential vulnerabilities.
This talk will show you how the use of a cache server can introduce serious vulnerabilities to your web applications. It will cover Web Cache Deception, ESI injection and Cache poisoning. These attacks have all emerged in the past two years.
On the other side, the infrastructure used is rarely scrutinized by developers for potential vulnerabilities.
This talk will show you how the use of a cache server can introduce serious vulnerabilities to your web applications. It will cover Web Cache Deception, ESI injection and Cache poisoning. These attacks have all emerged in the past two years.
Securité
DLL Injection sounds like some black magic used only by hackers. However, it is used widely in the Windows ecosystem by multiple antiviruses and system utilities. During the presentation I show how we can use it to change 3rd party applications, how to write simple keylogger in 20 lines of code, and how to inject both native and managed code into other applications. We will see memory management on x86 and some Windows internals.
Securité
Experience with security is a useful and even profitable skill for every technical and non-technical employee in IT. Contrary to common stereotypes, security is far more than black hoodies, math and crypto. It's also humans and communication skills. Attendees of my talks regularly ask me how to get started. Let me introduce you to diverse areas of info sec and point you to books, online courses, talks, and other resources to get you started.
Securité
Every month, we hear about a new data breach and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution, let’s stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, the attendees will learn about some of the alternatives and how to implement them.
Securité
Remember when setting up an auth system was easy? Me neither. From the signup form, the login form, password reset form, and all the validation in between it can easily take weeks if not months to get something basic up and running. Then you have to deal with all the security considerations. No thanks. During this presentation, the attendees will be introduced to OpenID and OAuth and learn how to use them to make more secure apps.
Securité
The story is always the same; if you want to create a JavaScript centric app with API and identity security, you’re told that you need to have a server-side component for handling your identity and application security. That’s simply not the case in modern development.
In this session we'll look at client-side identity, API, and token security, exploring token downscoping methodologies, key management tools, and security on the client.
In this session we'll look at client-side identity, API, and token security, exploring token downscoping methodologies, key management tools, and security on the client.
Securité
From IoT thermostats to self-opening windows, there's an off the shelf product out there that will allow you to control your home. Proprietary hubs in the cloud allow you to control your home from anywhere, but also gives the vendor full control!
In this talk, Ben discusses tools and components available today, to create your own home automation system. Keep control over your data, and still turn off the oven from the other side of the world!
In this talk, Ben discusses tools and components available today, to create your own home automation system. Keep control over your data, and still turn off the oven from the other side of the world!
Securité
IoT has been, and still is, a very hot topic. Same for security. Mix the two, and we get all sorts of scary news headlines.
In this talk, Ben will discuss ways in which you can improve the security of your IoT applications, using a live demo around automatic doors as an example.
In this talk, Ben will discuss ways in which you can improve the security of your IoT applications, using a live demo around automatic doors as an example.
Securité
The EU new General Data Protection Regulation (GDPR) came into force in May 2018, significantly raising privacy & data protection standards. Its effects are being felt around the world, helping users to regain control of their own data outside of Europe too. As part of this, privacy by design provides a primary line of defence between companies and terrible headlines. Learn what developers & project managers need to know about GDPR in this talk.
Securité
Keeping your web application secure and free from vulnerabilities is hard work, even if you know the OWASP Top 10. In this talk I will show tools, best practices and patterns to help you with this, so that you can find security issues before an attacker does and even prevent them in the first place.
Securité
In this talk, i speak about some basics actions to secure your API. Keeping in mind that an API remains a web application, without html/javascript, i will do a demo of SQL injection and then quickly review the OWASP top 10 application security risks. From there i zoom on authentication doing a focus on oauth2/OpenID Connect. Stepping to API Management, i deep dive on some features that can help us to secure our APIs.
Securité
Using JSON Web Tokens (JWTs) for API Authorization can have awesome benefits over the more traditional session-ids approach: stateless verification/authorization, cross-domain and being client-side readable, but using JWTs on the web can be contentious. There is a lot of concern (and a lot of FUD spread) about using JWTs in web apps, specifically about storing the JWT in localstorage, but luckily there is a better way...
Securité
The Open Web Application Security Project (OWASP) curates a list of the top ten security risks for web applications and how to mitigate them. The ever changing world of web development created a challenge for the 2017 list, which needs to combine both existing approaches and modern trends in web development. We will have a look at each item in the list, see what can go wrong (with code!), and make sure that this won't happen in our web sites.
Securité
TLS encryption is an important part of websites, service and app deployment, and plays a vital role in protecting data in transit. TLS 1.2 has been around since 2008, and it's being replaced by the excitingly-named TLS 1.3. This talk will give you a rundown on the shortcomings of TLS 1.2 and earlier versions, how and why 1.3 changes things, and what changes you may need to make in your deployments to take advantage of the 1.3 enhancements.
Montréal 2019
sponsored by
© 2010-2024 ConFoo. Tous droits réservés. Code de conduite
Gestion des Cookies
Pour offrir une bonne expérience, l'utilisation de cookies est nécessaire. Certains sont essentiels au bon fonctionnement du site, tandis que d'autres nous aident à mieux répondre à vos intérêts.