This session aims to describe how the OAuth standard works, go through the existing flows and see how they work and provide some tips on where to get started.
These are hard questions, as evidenced by the deployment of numerous insecure APIs. Attend this session to find out about common API security pitfalls, that often result in compromised user accounts and unauthorized access to your data. We expose the problem that lies at the root of each of these pitfalls, and offer actionable advice to address these security problems. After this session, you will know how to assess the security of your APIs, and the best practices to improve them towards the future.
Whether to laugh or to cry, or both at the same time? Working in IT security can lead to some very mixed emotions.
We will revisit some of the speaker's favourite security vulnerabilities, to laugh, and maybe cry, together. We will cover things like the app-enabled toilet with crap security, the shockingly bad smart grid system, and the open source repository that was really, REALLY open.
Since 2003, the Open Web Application Security Project curates a list of the top ten secuity risks for web applications.
The 2017 list is the most current one, trying to mix both common and upcoming attacks, and to stay relevant in an ever-changing web world. Time to get an up-to-date refresh on how to create secure web applications, including attacks that did not make the list (but should be in there).