This document summarizes a talk on Connect security given by Peter Brownlow from Atlassian. It covers authentication, which uses JSON Web Tokens (JWT) to verify who sent a message, and authorization, which uses scopes and dynamic permissions to control what users are allowed to do. Potential areas of improvement mentioned include enhancing JWT security with header and body hashes, improving the usability of JWT expirations, and implementing three-legged OAuth flows between applications and servers. The talk emphasized balancing security with usability, in line with Atlassian's value of not upsetting customers.