One of the questions we get asked the most by developers and architects is: when and why would I use OAuth2? The answer, as often with such questions, is “it depends”, but there are some features of OAuth2 that make it compelling in some situations, especially in systems composed of …
Once the realm of shadowy government organizations, cryptography now permeates computing. Unfortunately, it is difficult to get correct and most developers know just enough to be harmful for their projects. Together, we’ll go through the basics of modern cryptography and where things can go horribly wrong.
Ruby on Rails makes it very easy to rapidly develop web applications, but doesn’t always make it so simple to deploy or secure them. This talk is going to focus on best practices to secure your rails application, learnt through multiple high profile projects and penetration tests. The talk will …
In this video, Douglas Crockford outlines the basic principles of designing secure software, with a focus on web applications. He starts at the beginning with the invention of language itself and makes a strong case for designing secure software based on fundamental principles rather than specific techniques, tricks, or hacks.
Tis presentation details how to incorporate security checks into the software development process for PHP applications. It also steps through the implementation and caveats of a security audit.
SQL Injection is a vulnerability that is often missed by web application security scanners, and it’s a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations …
