Nebraska.Code() Sessions tagged security

Blasting Browser Security with Extensions

Abstract

Multi-platform browser extensions are easier to write than ever, can have great authority to examine and alter HTTP requests and responses, and are shockingly easy to get listed on the official respective browser stores. In this talk Micah builds an over-powered, multi-platform extension.

Description

In this talk, Micah gives an overview of how browser extensions work and the web-ext tool for creating extensions that work in both Google Chrome and Mozilla Firefox. He then shows how to debug and test extensions locally as well as how to package them up for distribution. The talk culminates with a real-time attempt to get an extension with an over-powered list of permissions listed on the Chrome Web Store and the Firefox Browser Add-ons Store.

Speaker

Micah Silverman

Micah Silverman

Lead Developer Advocate, Split

Hacking OAuth: Pitfalls and Remedies

Abstract

OAuth 2.0 is the most widely used standard for secure authorization on the Internet for modern Web and Mobile apps. There are a lot of pitfalls that can lead to an insecure app.

Description

In this talk Micah gives a brief overview of OAuth and its mechanics. Then he leads you through a number of risks and remedies to best secure your applications. This isn’t just theory, but the practical application of certain risks and how to configure OAuth and write your code to mitigate those risks.

Speaker

Micah Silverman

Micah Silverman

Lead Developer Advocate, Split