SlideShare a Scribd company logo
1 of 90
Download to read offline
@adam_englander
Practical API Security
Adam Englander, Software Architect
iovation
@adam_englander
Let's set some expectations...
@adam_englander
What are we protecting against?
@adam_englander
@adam_englander
1: Injection
@adam_englander
2: Broken Authentication
@adam_englander
3: Sensitive Data Exposure
@adam_englander
4: XML External Entities (XXE)
@adam_englander
libxml_disable_entity_loader(true);
@adam_englander
Use defusedxml and
defusedexpat to protect lib.xml
@adam_englander
5: Broken Access Control
@adam_englander
6: Security Misconfiguration
@adam_englander
7: Cross-Site Scripting XSS
@adam_englander
8: Insecure Deserialization
@adam_englander
9: Using Components with Known
Vulnerabilities
@adam_englander
PHP Resources
• https://security.sensiolabs.org/
• roave/security-advisories package
• https://github.com/FriendsOfPHP/security-
advisories
@adam_englander
10: Insufficient Logging &
Monitoring
@adam_englander
How do we provide that
protection?
@adam_englander
@adam_englander
Defense in Depth
Transport Layer Security
Rate Limiting/Replay Prevention
Authentication
Data Validation
Data Encryption
Logging
Access Control
@adam_englander
Defense in Depth
Transport Layer Security
Rate Limiting/Replay Prevention
Authentication
Data Validation
Data Encryption
Logging
Access Control
@adam_englander
Defense in Depth
Transport Layer Security
Rate Limiting/Replay Prevention
Authentication
Data Validation
Data Encryption
Logging
Access Control
@adam_englander
@adam_englander
@adam_englander
Defense in Depth
Transport Layer Security
Rate Limiting/Replay Prevention
Authentication
Data Validation
Data Encryption
Logging
Access Control
@adam_englander
Replay prevention requires
unique requests
@adam_englander
Determine Uniqueness of Request
GET / HTTP/1.1
Accept: application/json
@adam_englander
Determine Uniqueness of Request
GET / HTTP/1.1
Accept: application/json
X-Nonce: 5ed518e8c5c51a64638b2b50c192242d
@adam_englander
Store that unique value in a
datastore so you can verify you
don't see it again
@adam_englander
Use the add function on the
cache to prevent race conditions
@adam_englander
Cache Example
if ($token === null) {
throw new AuthorizationRequiredException();
} elseif (!$this->cache->add(hash('sha512', $token), 1, 10)) {
throw new InvalidRequestException();
}
@adam_englander
Use insert on unique index for
RDBMS to prevent race
conditions
@adam_englander
Rate limiting requires unique
identification for restrictions
@adam_englander
api-user-id|create-widget|20:01
ebf4e1d4bb33e5f6028e8443d6a1d6aa
@adam_englander
Use the add and increment
functions of the cache to
prevent race conditions
@adam_englander
Cache Example
$key = sprintf("%s|root-post|%s", $userId, $timeSlice);
$this->cache->add($key, 0, 1);
$total = $this->cache->increment($key);
@adam_englander
Use insert with unique index
and update returning in RDBMS
to prevent race conditions
@adam_englander
Data stores can be done in
three ways.
@adam_englander
In Memory Datastore
@adam_englander
Local Datastore
@adam_englander
Global Datastore
@adam_englander
Defense in Depth
Transport Layer Security
Rate Limiting/Replay Prevention
Authentication
Data Validation
Data Encryption
Logging
Access Control
@adam_englander
Do not make authentication part
of the body
@adam_englander
Use the Authorization header
@adam_englander
HTTP Basic Authentication
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
@adam_englander
HTTP Digest Authentication
DO NOT USE!
@adam_englander
HTTP Bearer Authentication
Authorization: Bearer mF_9.B5f-4.1JqM
@adam_englander
Roll Your Own
@adam_englander
Many APIs do this
@adam_englander
What about never rolling your
own crypto?
@adam_englander
Single Use JWT
@adam_englander
No auth service required
@adam_englander
Can use existing JWT libraries
to create and validate
@adam_englander
Can be extended beyond auth
to provide data validation and
MITM protection
@adam_englander
Defense in Depth
Transport Layer Security
Rate Limiting/Replay Prevention
Authentication
Data Validation
Data Encryption
Logging
Access Control
@adam_englander
Message Validation
@adam_englander
Request Validation
@adam_englander
Method Validation
GET /user/abc HTTP/1.1
Accept: application/json
@adam_englander
Method Validation
DELETE /user/abc HTTP/1.1
Accept: application/json
@adam_englander
Path Validation
GET /user/abc HTTP/1.1
Accept: application/json
@adam_englander
Path Validation
GET /user/def HTTP/1.1
Accept: application/json
@adam_englander
Body Validation
PATCH /user/abc HTTP/1.1
{"email": "valid@user.com"}
@adam_englander
Body Validation
PATCH /user/abc HTTP/1.1
{"email": "pwned@hkr.com"}
@adam_englander
Response Validation
@adam_englander
Status Code Validation
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 21
{"expected": "value"}
@adam_englander
Status Code Validation
HTTP/1.1 400 Invalid Request
Content-Type: application/json; charset=UTF-8
Content-Length: 21
{"expected": "value"}
@adam_englander
Status Code Validation
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 21
{"expected": "value"}
@adam_englander
Status Code Validation
HTTP/1.1 301 Moved
Content-Type: application/json; charset=UTF-8
Content-Length: 21
Location: https://bad.actor.com
{"expected": "value"}
@adam_englander
Header Validation
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 21
Cache-Control: no-cache
{"expected": "value"}
@adam_englander
Header Validation
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 21
Cache-Control: max-age=99999999
{"expected": "value"}
@adam_englander
Data Validation
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 21
{"active": false}
@adam_englander
Data Validation
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Content-Length: 21
{"active": true}
@adam_englander
Validation of request data
@adam_englander
Defense in Depth
Transport Layer Security
Rate Limiting/Replay Prevention
Authentication
Data Validation
Data Encryption
Logging
Access Control
@adam_englander
Encrypt Data at Rest
@adam_englander
Use a structure format that
allows for in-place key rotation
and nonce storage
@adam_englander
COSE
CBOR Object Signing and Encryption (COSE)
Concise Binary Object Representation (CBOR)
@adam_englander
Roll Your Own
keyid|nonce|encrypted-data
@adam_englander
Encrypt Data in Transit
@adam_englander
WW?D
@adam_englander
JSON Web Encryption
@adam_englander
Log Everything
@adam_englander
Log in a structured format for
easier parsing
@adam_englander
Log all pertinent actions
@adam_englander
Include all data regarding state.
Anonymize sensitive data.
@adam_englander
Include origin data to identify
bad actors.
@adam_englander
Utilize tools like ELK or Greylog
to aggregate logs
@adam_englander
Determine anomalous conditions
and alert on those conditions.
@adam_englander
And now a demonstration...
@adam_englander
https://joind.in/talk/9895f

More Related Content

What's hot

20160225 OWASP Atlanta Prevoty RASP
20160225 OWASP Atlanta Prevoty RASP20160225 OWASP Atlanta Prevoty RASP
20160225 OWASP Atlanta Prevoty RASPchadtindel
 
Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730chadtindel
 
Secrets of Google VRP by: Krzysztof Kotowicz, Google Security Team
Secrets of Google VRP by: Krzysztof Kotowicz, Google Security TeamSecrets of Google VRP by: Krzysztof Kotowicz, Google Security Team
Secrets of Google VRP by: Krzysztof Kotowicz, Google Security TeamOWASP Delhi
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestSecuRing
 
Yan Cui - How to build observability into a serverless application - Codemoti...
Yan Cui - How to build observability into a serverless application - Codemoti...Yan Cui - How to build observability into a serverless application - Codemoti...
Yan Cui - How to build observability into a serverless application - Codemoti...Codemotion
 
Simple Tips to Secure your WordPress
Simple Tips to Secure your WordPressSimple Tips to Secure your WordPress
Simple Tips to Secure your WordPressFiroz Sabaliya
 
Serverless observability - a hero's perspective
Serverless observability - a hero's perspectiveServerless observability - a hero's perspective
Serverless observability - a hero's perspectiveYan Cui
 
Atlrug intermodal - sep 2011
Atlrug   intermodal - sep 2011Atlrug   intermodal - sep 2011
Atlrug intermodal - sep 2011hosheng
 

What's hot (8)

20160225 OWASP Atlanta Prevoty RASP
20160225 OWASP Atlanta Prevoty RASP20160225 OWASP Atlanta Prevoty RASP
20160225 OWASP Atlanta Prevoty RASP
 
Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730Prevoty NYC Java SIG 20150730
Prevoty NYC Java SIG 20150730
 
Secrets of Google VRP by: Krzysztof Kotowicz, Google Security Team
Secrets of Google VRP by: Krzysztof Kotowicz, Google Security TeamSecrets of Google VRP by: Krzysztof Kotowicz, Google Security Team
Secrets of Google VRP by: Krzysztof Kotowicz, Google Security Team
 
Hunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forestHunting for the secrets in a cloud forest
Hunting for the secrets in a cloud forest
 
Yan Cui - How to build observability into a serverless application - Codemoti...
Yan Cui - How to build observability into a serverless application - Codemoti...Yan Cui - How to build observability into a serverless application - Codemoti...
Yan Cui - How to build observability into a serverless application - Codemoti...
 
Simple Tips to Secure your WordPress
Simple Tips to Secure your WordPressSimple Tips to Secure your WordPress
Simple Tips to Secure your WordPress
 
Serverless observability - a hero's perspective
Serverless observability - a hero's perspectiveServerless observability - a hero's perspective
Serverless observability - a hero's perspective
 
Atlrug intermodal - sep 2011
Atlrug   intermodal - sep 2011Atlrug   intermodal - sep 2011
Atlrug intermodal - sep 2011
 

Similar to Practical API Security - Midwest PHP 2018

Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Adam Englander
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Mohammed Adam
 
Web API Security
Web API SecurityWeb API Security
Web API SecurityStefaan
 
Rails 3 and OAuth for Barcamp Tampa
Rails 3 and OAuth for Barcamp TampaRails 3 and OAuth for Barcamp Tampa
Rails 3 and OAuth for Barcamp TampaBryce Kerley
 
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTCon Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTAdam Englander
 
Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018Adam Englander
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
hashicorp-virtualdays-vaultkeeping-a-secret-200409143039.pptx
hashicorp-virtualdays-vaultkeeping-a-secret-200409143039.pptxhashicorp-virtualdays-vaultkeeping-a-secret-200409143039.pptx
hashicorp-virtualdays-vaultkeeping-a-secret-200409143039.pptxhamzaaqqa7
 
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatSymfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatAdam Englander
 
Locking the Throneroom 2.0
Locking the Throneroom 2.0Locking the Throneroom 2.0
Locking the Throneroom 2.0Mario Heiderich
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001Miguel Ibarra
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Adam Englander
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Appsprimomh
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Blueinfy Solutions
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityAbdul Wahid
 
IoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersAdam Englander
 
PHP UK 2017 - Don't Lose Sleep - Secure Your REST
PHP UK 2017 - Don't Lose Sleep - Secure Your RESTPHP UK 2017 - Don't Lose Sleep - Secure Your REST
PHP UK 2017 - Don't Lose Sleep - Secure Your RESTAdam Englander
 

Similar to Practical API Security - Midwest PHP 2018 (20)

Practical API Security - PyCon 2018
Practical API Security - PyCon 2018Practical API Security - PyCon 2018
Practical API Security - PyCon 2018
 
Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
 
Web API Security
Web API SecurityWeb API Security
Web API Security
 
Rails 3 and OAuth for Barcamp Tampa
Rails 3 and OAuth for Barcamp TampaRails 3 and OAuth for Barcamp Tampa
Rails 3 and OAuth for Barcamp Tampa
 
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTCon Foo 2017 - Don't Loose Sleep - Secure Your REST
Con Foo 2017 - Don't Loose Sleep - Secure Your REST
 
Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018Threat Modeling for Dummies - Cascadia PHP 2018
Threat Modeling for Dummies - Cascadia PHP 2018
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
hashicorp-virtualdays-vaultkeeping-a-secret-200409143039.pptx
hashicorp-virtualdays-vaultkeeping-a-secret-200409143039.pptxhashicorp-virtualdays-vaultkeeping-a-secret-200409143039.pptx
hashicorp-virtualdays-vaultkeeping-a-secret-200409143039.pptx
 
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and BehatSymfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat
 
Locking the Throneroom 2.0
Locking the Throneroom 2.0Locking the Throneroom 2.0
Locking the Throneroom 2.0
 
Defcon9 Presentation2001
Defcon9 Presentation2001Defcon9 Presentation2001
Defcon9 Presentation2001
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"
 
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017Don't Loose Sleep - Secure Your Rest - php[tek] 2017
Don't Loose Sleep - Secure Your Rest - php[tek] 2017
 
Secure Your Mobile Apps
Secure Your Mobile AppsSecure Your Mobile Apps
Secure Your Mobile Apps
 
Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013Mobile code mining for discovery and exploits nullcongoa2013
Mobile code mining for discovery and exploits nullcongoa2013
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
IoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net BuildersIoT Lock Down - Battling the Bot Net Builders
IoT Lock Down - Battling the Bot Net Builders
 
Online Authentication
Online AuthenticationOnline Authentication
Online Authentication
 
PHP UK 2017 - Don't Lose Sleep - Secure Your REST
PHP UK 2017 - Don't Lose Sleep - Secure Your RESTPHP UK 2017 - Don't Lose Sleep - Secure Your REST
PHP UK 2017 - Don't Lose Sleep - Secure Your REST
 

More from Adam Englander

Making PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxMaking PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxAdam Englander
 
ZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in DepthZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in DepthAdam Englander
 
Dutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for BeginnersDutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for BeginnersAdam Englander
 
php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2Adam Englander
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futureAdam Englander
 
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Adam Englander
 
Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Adam Englander
 
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureAdam Englander
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersAdam Englander
 
ZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingAdam Englander
 
ZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerAdam Englander
 
Coder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingCoder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingAdam Englander
 
Build a bot workshop async primer - php[tek]
Build a bot workshop  async primer - php[tek]Build a bot workshop  async primer - php[tek]
Build a bot workshop async primer - php[tek]Adam Englander
 
Concurrent Programming in Python
Concurrent Programming in PythonConcurrent Programming in Python
Concurrent Programming in PythonAdam Englander
 
Biometrics - Fantastic Failure Point of the Future
Biometrics - Fantastic Failure Point of the FutureBiometrics - Fantastic Failure Point of the Future
Biometrics - Fantastic Failure Point of the FutureAdam Englander
 
SunshinePHP 2017: Tales From The Crypt - A Cryptography Primer
SunshinePHP 2017: Tales From The Crypt - A Cryptography PrimerSunshinePHP 2017: Tales From The Crypt - A Cryptography Primer
SunshinePHP 2017: Tales From The Crypt - A Cryptography PrimerAdam Englander
 
Py Vegas - Tales from the crypt
Py Vegas - Tales from the cryptPy Vegas - Tales from the crypt
Py Vegas - Tales from the cryptAdam Englander
 
Node.js interactive NA 2016: Tales From the Crypt
Node.js interactive NA 2016: Tales From the CryptNode.js interactive NA 2016: Tales From the Crypt
Node.js interactive NA 2016: Tales From the CryptAdam Englander
 

More from Adam Englander (19)

Making PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptxMaking PHP Smarter - Dutch PHP 2023.pptx
Making PHP Smarter - Dutch PHP 2023.pptx
 
ZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in DepthZendCon 2018 - Cryptography in Depth
ZendCon 2018 - Cryptography in Depth
 
Dutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for BeginnersDutch PHP 2018 - Cryptography for Beginners
Dutch PHP 2018 - Cryptography for Beginners
 
php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2php[tek] 2108 - Cryptography Advances in PHP 7.2
php[tek] 2108 - Cryptography Advances in PHP 7.2
 
php[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the futurephp[tek] 2018 - Biometrics, fantastic failure point of the future
php[tek] 2018 - Biometrics, fantastic failure point of the future
 
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018Biometrics: Sexy, Secure and... Stupid - RSAC 2018
Biometrics: Sexy, Secure and... Stupid - RSAC 2018
 
Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018Cryptography for Beginners - Sunshine PHP 2018
Cryptography for Beginners - Sunshine PHP 2018
 
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the Future
 
ZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for BeginnersZendCon 2017 - Cryptography for Beginners
ZendCon 2017 - Cryptography for Beginners
 
ZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is ComingZendCon 2017: The Red Team is Coming
ZendCon 2017: The Red Team is Coming
 
ZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async PrimerZendCon 2017 - Build a Bot Workshop - Async Primer
ZendCon 2017 - Build a Bot Workshop - Async Primer
 
Coder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is ComingCoder Cruise 2017 - The Red Team Is Coming
Coder Cruise 2017 - The Red Team Is Coming
 
Build a bot workshop async primer - php[tek]
Build a bot workshop  async primer - php[tek]Build a bot workshop  async primer - php[tek]
Build a bot workshop async primer - php[tek]
 
Python and Docker
Python and DockerPython and Docker
Python and Docker
 
Concurrent Programming in Python
Concurrent Programming in PythonConcurrent Programming in Python
Concurrent Programming in Python
 
Biometrics - Fantastic Failure Point of the Future
Biometrics - Fantastic Failure Point of the FutureBiometrics - Fantastic Failure Point of the Future
Biometrics - Fantastic Failure Point of the Future
 
SunshinePHP 2017: Tales From The Crypt - A Cryptography Primer
SunshinePHP 2017: Tales From The Crypt - A Cryptography PrimerSunshinePHP 2017: Tales From The Crypt - A Cryptography Primer
SunshinePHP 2017: Tales From The Crypt - A Cryptography Primer
 
Py Vegas - Tales from the crypt
Py Vegas - Tales from the cryptPy Vegas - Tales from the crypt
Py Vegas - Tales from the crypt
 
Node.js interactive NA 2016: Tales From the Crypt
Node.js interactive NA 2016: Tales From the CryptNode.js interactive NA 2016: Tales From the Crypt
Node.js interactive NA 2016: Tales From the Crypt
 

Recently uploaded

A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Why Agile? - A handbook behind Agile Evolution
Why Agile? - A handbook behind Agile EvolutionWhy Agile? - A handbook behind Agile Evolution
Why Agile? - A handbook behind Agile EvolutionDEEPRAJ PATHAK
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneUiPathCommunity
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationBuild Intuit
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 

Recently uploaded (20)

A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks  and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Why Agile? - A handbook behind Agile Evolution
Why Agile? - A handbook behind Agile EvolutionWhy Agile? - A handbook behind Agile Evolution
Why Agile? - A handbook behind Agile Evolution
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
WomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyoneWomenInAutomation2024: AI and Automation for eveyone
WomenInAutomation2024: AI and Automation for eveyone
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Dynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientationDynamical Context introduction word sensibility orientation
Dynamical Context introduction word sensibility orientation
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 

Practical API Security - Midwest PHP 2018