Session List

2019-10-02T20:07:53-05:00

Watch How The Giants Fall: Learning from Bug Bounty Results

Presented by: John Melton

Security is hard. We all miss things. Attackers find things. ...

Tags: Security | Format: General Session | Level: Introductory and overview

Protecting your API with OAuth

Presented by: Dan Moore

OAuth is a well-known standard and is useful for delegating authentication and authorization decisions to a central identity provider. As a developer, you’re given a token when a grant completes. ...

Tags: Javascript, Security | Format: General Session | Level: Introductory and overview

HTTP Security Headers You Need To Have On Your Web Apps

Presented by: Scott Sauber

In this session, you'll learn about every HTTP Security Header in existence (including HSTS, CSP, XFO, and more) from the bottom up. You'll get an overview of what they are, what they do, and how you can implement them to secure your web applications. On each of these, we'll demo a before and after...

Tags: Security | Format: General Session | Level: Introductory and overview

Keeping your Kubernetes Cluster Secure

Presented by: Gene Gotimer

Many organizations are shifting to containers and Kubernetes, and that move means learning new ways to secure their environments. Kubernetes clusters have to be hardened at different levels. We have to consider the nodes where the Kubernetes control plane is running. We also need to secure the...

Tags: Security | Format: General Session | Level: Intermediate

Introduction to inner-loop security. Shifting left, but better.

Presented by: Josh Wallace

We can barely make it through an AppSec talk or article without hearing about the wonders of “shift left” and how it is the key to solving all of our security problems. Every intro to AppSec talk starts with the cost savings and return on investment associated with discovering security defects...

Tags: Security, Testing | Format: General Session | Level: Intermediate

Securing Your API Endpoints - A Practical Authentication Guide

Presented by: Seth Petry-Johnson

It's never been easier to expose services over HTTP. It's also never been easier to inadvertently expose security holes via those same services. ...

Tags: Javascript, Security | Format: General Session | Level: Introductory and overview

Mistaken Identity: SAML and OAuth Security

Presented by: Wolfgang Goerlich

While everyone was focused on credentials, criminals quietly moved to exploiting mistakes in identity. You have a long and strong password? That’s sweet. You’re using all three types of multi-factor? That’s cute. It won’t matter when the adversaries compromise identity protocols after...

Tags: Security | Format: General Session | Level: Intermediate

Binary Analysis for noobs - An Intro to Reverse Engineering

Presented by: Jason Slagle

Do you often find yourself wondering how security researchers discover bugs in systems? How do they earn bug bounties by examining existing software? Are you struggling in CTF challenges whenever you are fed a binary? If so, this session is for you! ...

Tags: Other, Security | Format: General Session | Level: Introductory and overview

Jakarta EE 10 is Coming Your Way!

Presented by: Ivar Grimstad

Jakarta EE 9 lowered the barriers of entry and established a foundation for future innovation, paving the way for Jakarta EE 10. ...

Tags: Cloud, Java, Security | Format: General Session | Level: Intermediate