SecAppDev 2023 workshop details

Designing and building secure user authentication mechanisms

Learning goal: In-depth understanding of the security properties provided by modern authentication mechanisms, along with the technical knowledge to implement these mechanisms in modern web applications.

Thursday June 15th, 09:00 - 17:30
Room West Wing
Abstract

User authentication is a critical component in almost every application. In this workshop, we explore user authentication and investigate which mechanisms are available in modern applications, along with their security properties, pros, and cons. You will learn about state-of-the-art passwordless authentication mechanisms, including the Web Authentication API and the newly-introduced PassKey mechanism. Additionally, we explore multi-factor authentication mechanisms and their security properties.

This workshop consists of a mix between lectures, demos, interactive quizzes, and hands-on labs.

Content overview
  • Overview of authentication mechanisms
  • Risk analysis of user authentication
  • Analysis of common attacks against user authentication
  • Security properties of various user authentication mechanisms
  • Designing secure user authentication
  • Guidelines to secure user registration and account recovery
  • Introduction to the Web Authentication API
  • Using WebAuthN in practice
  • Going passwordless with PassKeys
  • Overview of MFA mechanisms
  • Common attacks against MFA
  • Implementing secure MFA mechanisms
  • Interactive quizzes
  • Hands-on labs
Content level

Deep-dive

Target audience

Anyone designing and building applications that require user authentication

Prerequisites

Basic experience with building applications that require user authentication (frontend and backend).

Technical requirements

A laptop with a modern browser installed (preferably Chrome)

Join us for SecAppDev. You will not regret it!

Grab your seat now
Philippe De Ryck
Philippe De Ryck

Security Expert, Pragmatic Web Security

Expertise: Web security, API security, OAuth 2.0, OpenID Connect

More details

Join us for SecAppDev. You will not regret it!

Grab your seat now

Other workshops

SecAppDev offers the most in-depth content you will find in a conference setting

Grab your seat now