Nebraska.Code() Sessions tagged security

Encryption for Developers

Encryption has become a major part of the implementation of many products, but how many of us really understand what is going on behind the scenes? During your implementation, do you really know what an initialization vector does? What is the difference between AES-CBC and AES-CFB, and when should you use one over the other? How do you store the decryption key to prevent the same code leaking both the data and the key?

In this breakout section we will talk through some of the history of encryption, the different types of encryption, its appropriate uses, and the key elements that are required to include encryption in your products.

Speaker

James McKee

Developer Security, Trimble

To 2FA or not to 2FA? Let's answer this question

An exploration of two-factor authentication from a developer's perspective. It's difficult to find two-factor implementation best practices, so attendees will come out of this talk having learned some of the trials and tribulations of a real-life implementation of two-factor authentication, why SMS-based authentication is by far the least secure, and why two-factor is not the security bandage that it is billed to be.

Speaker

Christine Seeman

Software Engineer, Flywheel

OAuth 2.0 and OpenID Connect (In Plain English)

Abstract

You’ve probably at least heard of the OAuth and OpenID Connect standards. It’s challenging to find a good overview of how they work. In this talk, Micah digs into these protocols in plain English, including a “Live Action OAuth Theater” segment in which volunteers act out a common OAuth interaction.

Description

If you’ve ever tried to search for information on OAuth and/or OpenID Connect, you’ve probably encountered deep dive code examples or references to the specifications. The specifications are great if you’re building OAuth from scratch or suffer from insomnia. Many examples focus on just code, rather than concepts. These types of resources are useful for understanding the concepts and historical backdrop for why OAuth and OIDC exist.

In this talk we start with the foundations of federated and delegated authentication and authorization, work our way through concepts and foundations for OAuth and OIDC, and end with some practical demonstrations of the standards in action.

Speaker

Micah Silverman

Senior Developer Advocate, Okta

Conceptualizing OAuth, OpenID and Implementation of the Identity Server.

In dealing with web security, the most common thing for a developer is to think like an attacker while writing his/her code.

For everyone, the standard of development is not limited to just deploying and fixing bugs, but extends to ensuring that every developer understands these concepts and helps his/her team build a better and more secure product.

This presentation will start with using some good secured services like the OAuth- and OpenID-based IdentityServer, and understanding how to call it from our application.