SecAppDev 2024 lecture details
Security foundations for modern web applications
In this session, we explore how to leverage the fundamental security model of the web and how to build a secure foundation for your web and API-based applications.
Monday June 3rd, 11:00 - 12:30
Room West Wing
Abstract
Web security is messy, quirky, and often quite complicated. Without a solid understanding of the security model, navigating this tangled web and building secure applications is impossible.
In this session, we explore how the browser thinks about security and how we can leverage that to build more secure web applications and APIs. We define core security techniques that you can use as the secure baseline to build your applications on. This session will give you the necessary background to secure your applications, and to dive into more advanced web security topics here at SecAppDev.
Key takeaway
Understand how the browser reasons about web security, and how you can leverage browser security mechanisms to secure your applications
Content level
Introductory
Target audience
Anyone building applications that are exposed to the Internet
Prerequisites
None
Join us for SecAppDev. You will not regret it!
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Related lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, and DPoP, designed for high-security environments.
An open source WAF in a high security setting
Introductory lecture by Christian Folini in room West Wing
Wednesday June 5th, 09:00 - 10:30
Introduction to WAFs, a highly commercial market with a dominant open source offering, crazy incentives of WAF vendors, the history of online voting in Switzerland, the 2019 disaster and the ray of hope cast by the WAF.
Key takeaway: Basic understanding of web application firewalls, their use cases and their limits.
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.