Nebraska.Code() Sessions tagged security

Developing Secure Modern Applications

Security is no longer an afterthought to development. Every developer should be responsible for building secure applications that properly handle identity access and secure transport and that meet secure code requirements, along with securing the data behind the application. In this talk we will discuss how to handle authn and authz using OpenID Connect and OAuth2 in modern application architecture using JavaScript frameworks like Angular 2 with social and enterprise identity providers. Learn how to architect your application to avoid common attacks like Man in the Middle and Cross Site Scripting. Also learn how to verify code is secure, from checks during development to running automated pen tests as part of your CI/CD process.

Speaker

Mike Douglas

Solution Consultant, Deliveron Consulting Services

The Security of Classic Game Consoles

It's 1986 and you're sitting a few feet away from your 19" CRT television. Blowing the dust out of your Super Mario cartridge, you insert it into your Nintendo and push the power button. The familiar music plays and you're sucked into a world of goombas and castles on your quest to save the princess. While engrossed in your game, you probably didn't realize the engineering that went into the security of your game and console.

Join me as we travel back through history and explore the security of classic game consoles. You don't have to be a gamer to appreciate the various security methods that were employed, including hardware, media, and software security measures. Learn how many of these security measures were exploited, either directly or indirectly, as well as the security measures which have yet to be broken.

You'll leave this fun presentation with not only an understanding of the technical details of what went into protecting the security of your favorite classic game consoles and how they were broken, but also how we can apply these historical lessons learned to the modern software and systems we build today.

Speaker

Kevin Shekleton

Vice President & Distinguished Engineer, Cerner

OWASP Top 10 Vulnerabilities & ASP.NET

In this talk we’ll go over the OWASP Top 10 vulnerabilities and how they apply to ASP.NET. We’ll include a demonstration of each vulnerability, the risk it poses, how to detect the attack, and how to mitigate it.

The Open Web Application Security Project (OWASP) Top 10 list is made up of the most commonly exploited security threats found on the web today. Securing your applications & clients against them will go a long way towards mitigating any security risks and protecting your application from these threats. In this session, we’ll go through each of the top 10 vulnerabilities, showing you the vulnerability in action, what the impact is going to be, how to detect it and, most importantly, how to fix the problem. Code samples will be freely available and we’ll examine the vulnerability in both MVC/Web API & ASP.NET Web Forms applications.

Speaker

Bill Dinger

Solutions Architect, VML

Using JWTs for Authentication Management

Whether you are just getting around to adding authentication to a project that's almost complete, or trying to plan an authentication infrastructure for a whole suite of applications, or rework legacy systems to integrate their security methods with each other or with more modern projects, JWTs (JSON Web Tokens) may turn out to be just what you've been looking for. They can significantly improve your ability as a developer or product manager to stay on top of security requirements, including the need for consistency, reliability, strength of protection, and extensibility. See how techniques and mindsets developed around the use of JWTs can be used to avoid problems in the project planning phase as well as overcome obstacles in projects that are well underway. Become familiar with concepts such as trust propagation and token translation. See the tradeoffs for alternative placements of authorizing services that work with JWTs.

Speaker

Floyd Kosch

Software Developer, Creative Thinking Inc

A Look at Code Obfuscators

Ever wonder how a code obfuscator works? Are you curious to see what happens when it alters the compiled code of an application? We’ll look at one of the most popular .NET obfuscators, Dotfuscator Professional from Preemptive Solutions. It has a lot of features found in other similar applications, like code injection, method renaming, and string encryption, and we’ll look at how those affect the code along with the problems they cause. Along with this, there are new features which help prevent tampering and debugging, which we’ll explore in addition to seeing how it can phone home in the event of an attack. Of course, no talk on security would be complete if we didn’t explore how to bypass some of those countermeasures too!

Speaker

Kevin Miller

Senior Software Architect, TCC Software Solutions

ASP.NET MVC & Identity: The Things You Were Never Told

Following the quick start examples, it is trivial for a developer to stand up a new ASP.NET MVC application and use ASP.NET Identity to handle user authentication and authorization. However, these tutorials leave out many important details. How do you work within a single DB Context? How do you share your data model with a project outside of ASP.NET MVC? How do you use Dependency Injection with Identity? How about displaying the user's name on each page load?

This talk goes into all of the details that you need to truly SUCCEED with ASP.NET MVC and Identity. With a big set of lessons learned and other helpful insight shared, your next project should be much easier to get off the ground!

Speaker

Mitchel Sellers

CEO, IowaComputerGurus, Inc.