Enterprise security has never been more important or complex than it is today. Mobile devices, new client technologies, and cloud-based services are just some of the recent additions. Handling JAX-RS endpoints, spotty connectivity, local storage support, constrained devices and other land mines can be more than just a challenge. These …
One of the questions we get asked the most by developers and architects is: when and why would I use OAuth2? The answer, as often with such questions, is “it depends”, but there are some features of OAuth2 that make it compelling in some situations, especially in systems composed of …
Once the realm of shadowy government organizations, cryptography now permeates computing. Unfortunately, it is difficult to get correct and most developers know just enough to be harmful for their projects. Together, we’ll go through the basics of modern cryptography and where things can go horribly wrong.
Ruby on Rails makes it very easy to rapidly develop web applications, but doesn’t always make it so simple to deploy or secure them. This talk is going to focus on best practices to secure your rails application, learnt through multiple high profile projects and penetration tests. The talk will …
Tis presentation details how to incorporate security checks into the software development process for PHP applications. It also steps through the implementation and caveats of a security audit.
SQL Injection is a vulnerability that is often missed by web application security scanners, and it’s a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations …
