SecAppDev 2023 lecture details
OAuth 2.0 and OpenID Connect architectures
In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.
Monday June 12th, 16:00 - 17:30
Room West Wing
Abstract
OAuth 2.0 and OpenID Connect (OIDC) have become fundamental building blocks of modern application architectures. Unfortunately, architects and developers often lack a solid understanding of these technologies, current best practices, and recommended use cases, resulting in overly complex or insecure applications.
In this session, we start with a brief overview of what OAuth 2.0 and OIDC offer. With that knowledge, we look into concrete application architectures that leverage OAuth 2.0 and OIDC for security. In the end, you will be able to apply this knowledge to your applications.
Key takeaway
Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures
Content level
Deep-dive
Target audience
Architects, developers, security professionals
Prerequisites
Basic experience with designing API-based applications
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Related lectures
Demystifying Zero Trust
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 14th, 09:00 - 10:30
We discuss the principles of zero trust and explain how it can be implemented. We also discuss how we can build up trust in devices, software and hardware components.
Key takeaway: Understand whether zero trust is useful for your organization or system. Reflect on which products and services you trust and why.
Security architecture in a distributed world
Deep-dive lecture by Isabelle Mauny in room Lemaire
Tuesday June 13th, 14:00 - 15:30
This session highlights challenges in securing distributed applications and suggests field-tested solutions to tackle this emerging issue.
Key takeaway: Understand and address the challenges of securing a distributed application composed of hundreds of micro-services.
Modern security features for web apps
Introductory lecture by Lukas Weichselbaum in room Lemaire
Wednesday June 14th, 14:00 - 15:30
Learn about new web platform security mechanisms available in web browsers that enable developers to protect their web applications from common and new web attacks.
Key takeaway: Learn how to use new web security features such as CSP3, Trusted Types, Fetch Metadata and COOP to prevent classes of prevalent & emerging web attacks.