Ever since the introduction of OAuth 2.0, the framework has been in continuous evolution. The initial specification addressed a strong need for delegation. Since then, however, various addenda have focused on the needs of modern applications. Today, the suite of OAuth 2.0 specifications supports a broad spectrum of different scenarios. Each of these scenarios makes its own security assumptions and defines a set of best practices.
In this talk, we will investigate a number of these recent additions. We look at the recently added “Proof Key for Code Exchange” (PKCE) flow. We also investigate how it is becoming the default flow for Single Page Applications. We also dive extensively into “Proof of Possession” tokens. Their security properties are significantly better than those of bearer tokens. Consequently, everyone should know what they entail and how to use them. You will walk away with a solid overview of recent evolutions in OAuth 2.0, and where to use them in your applications.
Philippe De Ryck helps developers protect companies through better web security. As the founder of Pragmatic Web Security, he travels the world to train developers on web security and security engineering. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. Google recognizes Philippe as a Google Developer Expert for his work on security in Angular applications.
This session reports on an extensive analysis of 14 months of domain registration in the .eu TLD. In particular, we investigate domain names that are registered for malicious purposes (such as spam, phishing, botnet C&C, …). The goal of our research is to understand and identify large-scale malicious campaigns, and to detect and prevent malicious registrations early.
Finally, we present our automatic prediction system, which classifies at registration time whether a domain name will be used for malicious or benign purposes. As such, malicious domain registrations can effectively be prevented from doing any harm. As part of the talk, we discuss the first results of this prediction system, which currently runs in production at EURid, the registry of the .eu TLD.
Content Security Policy (CSP) was first introduced in 2012. It should have been a silver-bullet defense against various injection attacks, including the rampant Cross-Site Scripting vulnerabilities. Unfortunately, modern development practices and legacy code bases proved to be substantial obstacles. New versions of CSP were released to address usability and compatibility for developers. Unfortunately, researchers discovered many bypasses and vulnerabilities in real-world CSP policies. The latest problem is known as script gadgets, where data is turned into code by legitimate functionality.
The way that software is being deployed is undergoing a massive transformation. As a result, security teams are at a point where they must adapt or be left in the dust. Traditional application security used to be heavyweight and human-driven. Tasks are more often than not mostly manual efforts. Time-consuming security testing often breaks down in an automated world. Dynamic vulnerability scanning and manual code reviews are incompatible with a world where code changes are automatically being pushed to production hundreds of times per day.
This talk will share lessons learned from helping teams of all sizes and maturity levels with their transformation to a DevSecOps model where security goes from being a blocker to an enabler. Specifically, we will cover some of the tools and processes you can start using right now. These tools allow you to start adding real value to your organization through enhanced visibility, vulnerability discovery, and feedback loops. It is time to adapt and embrace a new era of security.