SecAppDev 2020 Lecture Details

Making smart choices from the authentication cookbook

Philippe De Ryck
Tuesday March 10, 11:00 - 12:30
Short description

Modern applications need to authenticate users and services in various scenarios. This session focuses on helping architects and developers understand the different authentication mechanisms and their purpose.

Abstract

Authenticating users or services in a modern application has become quite a challenge. Authentication mechanisms still include passwords, but also rely on API keys, signed JWT tokens, and cryptographic authenticators. With so many options to choose from, making the right choice is difficult.

In this session, we explore several authentication scenarios. We discuss API-based applications, microservice architectures, and modern frontend scenarios. At the end of this session, you will be able to choose the right authentication mechanism for your application according to current best practices.

Key takeaway

The ability to select the proper authentication mechanisms for modern applications.

Content level

Advanced

Target audience

Anyone building, designing or securing web or API-based applications

Prerequisites

None


Philippe De Ryck

Founder, Pragmatic Web Security

Philippe De Ryck helps developers protect companies through better web security. As the founder of Pragmatic Web Security, he travels the world to train developers on web security and security engineering. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. Google recognizes Philippe as a Google Developer Expert for his work on security in Angular applications.


Related identity and access management sessions

OAuth 2.0 Security Reinforced

Lecture by Dr. Torsten Lodderstedt

OAuth 2.0 has become the standard for API authorization. Practical experience and security research have shown a need for updated security guidelines that will be presented in this session.

Identity and access management
Wednesday March 11, 16:00 - 17:30

Advanced OAuth for security-sensitive applications

Lecture by Dr. Torsten Lodderstedt

OAuth has become the standard for API authorization because of its simplicity and versatility. This talk will present battle-proven patterns and OAuth extensions that should be used when building security-sensitive applications.

Identity and access management
Thursday March 12, 14:00 - 15:30

A practical introduction to OIDC (and OAuth 2.0)

Lecture by Dominick Baier

OIDC and OAuth 2.0 have become the de facto standard to implement authentication and authorization in modern applications. This session introduces their features, such as authentication, sessions, and protocol flows.

Identity and access management
Wednesday March 11, 11:00 - 12:30

OIDC and OAuth 2.0 – Tips from the trenches

Lecture by Dominick Baier

Building an API-based system with OIDC and OAuth 2.0 raises quite a few questions. In this session, we answer these questions using common patterns and anti-patterns derived from real-world scenarios.

Identity and access management
Thursday March 12, 11:00 - 12:30

Modern access control policies

Lecture by Jim Manico

TBD

Identity and access management
Wednesday March 11, 09:00 - 10:30