SecAppDev 2024 lecture details
Security Signals - A framework to scale web security
Learn about Security Signals, a data-driven framework that scales web security, provides insight into security stance, and offers unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Tuesday June 4th, 14:00 - 15:30
Room West Wing
Abstract
Ensuring the security of web applications developed by many different engineers requires a solid understanding of security details and can be quite hard to scale. Thus, a web security team should also own the rollouts of security features. This requires a mindset shift, and high-quality metrics and tools to perform such changes.
In this session, we'll explore Security Signals, a framework for collecting and processing aggregated and de-identified traffic logs across all Google web properties. Using the adoption of strict CSP as an example, we will take a closer look at how all components work.
Key takeaway
Understand how and why web security infrastructure is built, used, and maintained at scale, and learn its components and the capabilities it provides.
Content level
Introductory
Target audience
Developers and security specialists interested in securing web applications.
Prerequisites
Basic knowledge of web application security.
Join us for SecAppDev. You will not regret it!
Slawomir Goryczka
Software Engineer in Security, Google
Expertise: Data Driven Security and Privacy in Large Distributed Environments
Related lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, and DPoP, designed for high-security environments.
An open source WAF in a high security setting
Introductory lecture by Christian Folini in room West Wing
Wednesday June 5th, 09:00 - 10:30
Introduction to WAFs, a highly commercial market with a dominant open source offering, the crazy incentives of WAF vendors, the history of online voting in Switzerland, the 2019 disaster, and the ray of hope cast by the WAF.
Key takeaway: Basic understanding of web application firewalls, their use cases and their limits.
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.