SecAppDev 2024 lecture details
Introduction to Macaroons
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Wednesday June 5th, 14:00 - 15:30
Room Lemaire
Add to calendar (ICS) Add to Google calendarAbstract
Macaroons are a novel approach to authorization, based on cryptographic tokens that can be attenuated at any time by adding “caveats”. Introduced by a Google research paper in 2014, Macaroons have seen recent adoption by some cloud providers and OAuth2 servers.
In this session, we’ll describe in detail what Macaroons are, how they are implemented, and when they are useful. We will compare and contrast with other well-known standards such as JSON Web Tokens. Finally, we will look at some more recent token formats such as Biscuits that build on Macaroons.
Key takeaway
Learn when to use Macaroons vs other technologies for authentication tokens.
Content level
Introductory
Target audience
Back-end and front-end developers, technical architects, identity professionals.
Prerequisites
Basic knowledge of cryptography, in particular what a MAC is, digital signatures, encryption.
Join us for SecAppDev. You will not regret it!
Grab your seat now
Neil Madden
Founder and CEO, Illuminated Security Ltd
Expertise: Application security and applied cryptography
Join us for SecAppDev. You will not regret it!
Grab your seat nowRelated lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, DPoP, designed for high-security environments
An open source WAF in a high security setting
Introductory lecture by Christian Folini in room West Wing
Wednesday June 5th, 09:00 - 10:30
Introduction to WAFs, a highly commercial market with a dominant open source offering, crazy incentives of WAF vendors, the history of online voting in Switzerland, the 2019 disaster and ray of hope cast by the WAF.
Key takeaway: Basic understanding of web application firewalls, their use cases and their limits.
Security Signals - A framework to scale web security
Introductory lecture by Slawomir Goryczka in room West Wing
Tuesday June 4th, 14:00 - 15:30
Learn about Security Signals, a data-driven framework to scale web security, provide insights into security stance, and unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Key takeaway: Understand how and why security web infrastructure is built, used, and maintained at scale, also learn its components and capabilities it’s providing.