Security Track

powered by Cognizant Softvision

Speaker: Vicentiu Bacioiu

Talk: OAuth Unlocked - How it actually works

This session aims to describe how the OAuth standard works, go through the existing flows and see how they work and provide some tips on where to get started.

Speaker: Philippe De Ryck

Talk: Common API security pitfalls

The shift towards an API landscape marks a significant evolution in the way we build applications. The rise of JavaScript and mobile applications has sparked an explosion of easily accessible REST APIs. But how do you protect access to your API? Which security aspects are no longer relevant? Which security features are an absolute must-have, and which additional security measures do you need to take into account?

These are hard questions, as evidenced by the deployment of numerous insecure APIs. Attend this session to find out about common API security pitfalls that often result in compromised user accounts and unauthorized access to your data. We expose the problem that lies at the root of each of these pitfalls and offer actionable advice to address these security problems. After this session, you will know how to assess the security of your APIs and which best practices will improve them going forward.

Speaker: Leif Nixon

Talk: HORRORLARITY

Whether to laugh or to cry, or both at the same time? Working in IT security can lead to some very mixed emotions.
We will revisit some of the speaker's favourite security vulnerabilities, to laugh, and maybe cry, together. We will cover things like the app-enabled toilet with crap security, the shockingly bad smart grid system, and the open source repository that was really, REALLY open.

Speaker: Christian Wenz

Talk: The Ten Most Critical Web Application Security Risks: OWASP Top Ten

Since 2003, the Open Web Application Security Project has curated a list of the top ten security risks for web applications.
The 2017 list is the most current one; it tries to cover both common and upcoming attacks and to stay relevant in an ever-changing web world. Time to get an up-to-date refresher on how to create secure web applications, including attacks that did not make the list (but should be in there).