SecAppDev 2024 lecture details
Supercharging OAuth 2.0 security
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Tuesday June 4th, 16:00 - 17:30
Room Lemaire
Abstract
OAuth 2.0 is more than a decade old and has been adopted far beyond the initial expectations, including highly sensitive eHealth and financial scenarios.
This session will guide you through using OAuth 2.0 in environments where security is paramount. We will dive into the latest specifications designed to enhance OAuth 2.0's security capabilities. Topics include advanced security features like Resource Indicators, JAR, PAR, and DPoP. By the end of this session, you will possess a comprehensive understanding of the security aspects of OAuth 2.0, equipped to implement it in high-stakes settings.
Key takeaway
OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, and DPoP, designed for high-security environments.
Content level
Advanced
Target audience
Architects, developers, and security professionals
Prerequisites
Familiarity with traditional OAuth 2.0 applications
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Related lectures
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.
Security Signals - A framework to scale web security
Introductory lecture by Slawomir Goryczka in room West Wing
Tuesday June 4th, 14:00 - 15:30
Learn about Security Signals, a data-driven framework to scale web security, provide insights into security stance, and unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Key takeaway: Understand how and why web security infrastructure is built, used, and maintained at scale, and learn its components and the capabilities it provides.
Technical approach to Zero Trust Application Access
Introductory lecture by Gijs Van Laer in room Lemaire
Monday June 3rd, 11:00 - 12:30
This session explores Zero Trust Application Access (ZTAA), a security model emphasizing "never trust, always verify". It'll cover the basics of ZTAA and important points for building and deploying applications within this strategy.
Key takeaway: You'll learn how to deploy Zero Trust Application Access (ZTAA) in small and large businesses and how to build applications according to ZTAA.