SecuritéAuthorization and authentication are two of main problems on modern web application’s security,. They were both solved by OAuth 2.0 and OpenId Connect(OIDC). Considering them being fundamentally complicated, and variety of implementation, this may cause developers making some mistakes. I want to discuss some details in the specs which may lead to misconceptions and also go over common mistakes.
SecuritéThe internet has an identity crisis. How do you know that the person interacting with your product is who they claim to be? How can you be sure that they are a person at all? This is a talk about the evolution of identity on the internet, from a product development perspective. An overview of the things you should be aware of around digital identity when building software today, and the things you should pay attention to for the future.
SecuritéJSON Web Tokens, or JWTs, are a convenient way to bundle up a set of data (called claims), that can be relied upon by intended recipients such as APIs and Databases. They're verified through signatures and can be used in off-line environments!
The chances that things will go wrong are slim. Right?
Let's look at ways in which JWT implementations can go wrong, through live demos, and learn how to make sure we can trust these handy payloads.
SecuritéLoad balancers such as HAProxy, Varnish, Squid and Nginx play a crucial role in the performance of high-availability websites. All of those have different HTTP protocol parser implemented. What might be indicating the termination of one request for your load balancer might not be the end for your web server. In this presentation, see how an attacker can abuse vulnerable configurations or load balancer specific versions.
SecuritéOpenIdConnect is not a static thing. It's constantly in motion. What was recommended a year ago isn't the recommendation now. The addition of PKCE to the authorization code flow changed the OpenIdConnect world deprecating the old hybrid and implicit flows. In this session I'm explaining what's new in the spec while at the same time showing you how to implement the new recommendations in clients as well as in the identity provider.
SecuritéWe identify ourselves to websites daily, but as nearly ten billion leaked account details in "';--have i been pwned?" attest to, this process has a fatal weakness: passwords. Public key cryptography is the ideal goal, but until now it's been user unfriendly.
WebAuthn is a standard from the W3C and FIDO that solves this, while making it easy for website users, but how does it work, and how can you use it today?
SecuritéEver increasing cyber-attacks makes security an indispensable part of a modern web application. This session will explain about the importance of web security and how can we secure a modern web application. We will talk about JWT, what is the structure of JWT and how it works. We will also learn how to implement JWT based authentication in a full stack application created using Angular and ASP.NET Core with the help of a code demo.
SecuritéASP.NET Core Blazor is a production-ready framework for creating web applications. Web application security is important to any business. It also is one of the many challenges in modern web development. In this talk I go over Blazor Authentication and Authorization using modern technology and standards such as OpenIdConnect and OAuth 2.0. I discuss and demo implementation details using IdentityServer4.
SecuritéThe Open Web Application Security Project's Top Ten list is an often referenced source of the most common security risks for web applications. While the list itself is technology-agnostic, the countermeasures for those risks and attacks can differ greatly between frameworks.
Therefore, this session uses a different approach: we use a specific stack, .NET Core to be exact, and will show exactly how to prevent all the risks in the list.
SecuritéIn the 21st Century the Cyber Universe is threatened by Evil Source Code and Evil entities. The only hope for many developers is the Fifth Element : the Sec in Devops, which must be implemented side by side with the Four elementals : Code, Build, Test , Deploy. A Microsoft Services are bringing the Four Elements but can the Fifth be included, and will it save us from disaster? Checkout the Microsoft ecosystem in combo with sonarqube, snyk, etc.
SecuritéAccording to a study, nine out of ten web applications have security vulnerabilities. Recent events proved that not only old legacy sites were successfully attacked, but also new and recent applications, built with the best intentions and also with security in mind. We will have a look at common attacks, new attacks, and new twists to old attacks that demonstrate why so many websites may be compromised. As always: lots of live demos included!
Pour offrir une bonne expérience, l'utilisation de cookies est nécessaire. Certains sont essentiels au bon fonctionnement du site, tandis que d'autres nous aident à mieux répondre à vos intérêts.