SecAppDev 2024 lecture details
Supercharging OAuth 2.0 security
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Tuesday June 4th, 16:00 - 17:30
Room Lemaire
Abstract
OAuth 2.0 is more than a decade old and has been adopted far beyond the initial expectations, including highly sensitive eHealth and financial scenarios.
This session will guide you through using OAuth 2.0 in environments where security is paramount. We will dive into the latest specifications designed to enhance OAuth 2.0's security capabilities. Topics include advanced security features like Resource Indicators, JAR, PAR, and DPoP. By the end of this session, you will possess a comprehensive understanding of the security aspects of OAuth 2.0, equipped to implement it in high-stakes settings.
Key takeaway
OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, and DPoP, designed for high-security environments.
Content level
Advanced
Target audience
Architects, developers, and security professionals
Prerequisites
Familiarity with traditional OAuth 2.0 applications
Join us for SecAppDev. You will not regret it!
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Related lectures
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.
An open source WAF in a high security setting
Introductory lecture by Christian Folini in room West Wing
Wednesday June 5th, 09:00 - 10:30
Introduction to WAFs, a highly commercial market with a dominant open source offering, crazy incentives of WAF vendors, the history of online voting in Switzerland, the 2019 disaster and ray of hope cast by the WAF.
Key takeaway: Basic understanding of web application firewalls, their use cases and their limits.
Security Signals - A framework to scale web security
Introductory lecture by Slawomir Goryczka in room West Wing
Tuesday June 4th, 14:00 - 15:30
Learn about Security Signals, a data-driven framework to scale web security, provide insights into security stance, and unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Key takeaway: Understand how and why security web infrastructure is built, used, and maintained at scale, and learn its components and the capabilities it provides.