SecAppDev 2023 Faculty

In this session, we explore how to leverage the fundamental security model of the web for security. We also explore complex attack patterns, such as CSRF, and how they impact even modern API-based applications.

Key takeaway: Understand how the browser reasons about web security, and how you can leverage this fundamental security model to secure your applications

In this session, we explore what OAuth 2.0 and OpenID Connect have to offer. We also investigate how to leverage these technologies to build a modern and secure application architecture.

Key takeaway: Understanding the fundamentals of OAuth 2.0 and OpenID Connect, and how to use these building blocks to design modern application architectures

In this session, we identify do's and don'ts when building CSP policies for modern applications. We explore how to enable CSP with third-party content and offer a nuanced opinion on building secure CSP policies.

Key takeaway: Modern best practices for building secure CSP policies, along with guidelines for deploying CSP in single page applications

User authentication is a critical component in almost every application. In this workshop, we explore user authentication and investigate which mechanisms are available in modern applications, along with their security properties, pros, and cons. You will learn about state-of-the-art passwordless authentication mechanisms, including the Web Authentication API and the newly-introduced PassKey mechanism. Additionally, we explore multi-factor authentication mechanisms and their security properties.

This workshop consists of a mix between lectures, demos, interactive quizzes, and hands-on labs.

Learning goal: In-depth understanding of the security properties provided by modern authentication mechanisms, along with the technical knowledge to implement these mechanisms in modern web applications.