SlideShare a Scribd company logo

Adding Two Factor Authentication to your App with Authy

Nick Malcolm
Nick Malcolm
Nick MalcolmSecurity Consultant at Aura Information Security

This talk explains what two factor authentication is, and how to implement it in a Ruby on Rails app with Authy. Originally presented at Auckland Ruby Nights on April 23 2015: http://www.meetup.com/aucklandruby/events/221958178/

Adding Two Factor Authentication to your App with Authy

1 of 41
Download to read offline
Adding 2FA to your App
with Authy (but actually 2SV)
Nick Malcolm
@nickmalcolm
github.com/nickmalcolm/twofactorexample
The Difference Between Steps & Factors
Implementing Two-Step Verification with Authy
What is 2FA?!
Two Factor Authentication
Step
One act of providing
authentication
Factor
An independent
source of
authentication
Something You Know
Something You Have
Something You Are
Ad

Recommended

3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor Authentication3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor AuthenticationFortytwo
 
Two factor authentication presentation mcit
Two factor authentication presentation mcitTwo factor authentication presentation mcit
Two factor authentication presentation mcitmmubashirkhan
 
Avoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AloneAvoiding Two-factor Authentication? You're Not Alone
Avoiding Two-factor Authentication? You're Not AlonePortalGuard
 
Why Two-Factor Authentication?
Why Two-Factor Authentication?Why Two-Factor Authentication?
Why Two-Factor Authentication?Fortytwo
 
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDETWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDE
TWO FACTOR AUTHENTICATION - COMPREHENSIVE GUIDECTM360
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy  ICWE 2015Two Factor Authentication Made Easy  ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Alex Q. Chen
 

More Related Content

What's hot

Combat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesCombat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesIBM Security
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]Hai Nguyen
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authenticationHai Nguyen
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor AuthenticationDilip Kr. Jangir
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactSalesforce Admins
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor AuthenticationNikhil Shaw
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideNick Owen
 
Two Factor Authentication (2FA) Deep Dive: How to Choose the Right Solution f...
Two Factor Authentication (2FA) Deep Dive: How to Choose the Right Solution f...Two Factor Authentication (2FA) Deep Dive: How to Choose the Right Solution f...
Two Factor Authentication (2FA) Deep Dive: How to Choose the Right Solution f...ConorGilsenan1
 
SecureOTP: Total One-Time-Password Solution
SecureOTP: Total One-Time-Password SolutionSecureOTP: Total One-Time-Password Solution
SecureOTP: Total One-Time-Password SolutionRafidah Ariffin
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_faHai Nguyen
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and YouChris Stone
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailarHai Nguyen
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideHai Nguyen
 
Jun 29 - 2016-MultiFactorAuthentication
Jun 29 - 2016-MultiFactorAuthentication Jun 29 - 2016-MultiFactorAuthentication
Jun 29 - 2016-MultiFactorAuthentication banerjeea
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSonionid12
 
iKeyPass...Unbreakable Password Security
iKeyPass...Unbreakable Password SecurityiKeyPass...Unbreakable Password Security
iKeyPass...Unbreakable Password Securityrambmohan
 

What's hot (20)

Combat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion TechniquesCombat the Latest Two-Factor Authentication Evasion Techniques
Combat the Latest Two-Factor Authentication Evasion Techniques
 
2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]2 factor authentication 3 [compatibility mode]
2 factor authentication 3 [compatibility mode]
 
Two factor authentication
Two factor authenticationTwo factor authentication
Two factor authentication
 
Seminar-Two Factor Authentication
Seminar-Two Factor AuthenticationSeminar-Two Factor Authentication
Seminar-Two Factor Authentication
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major Impact
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor Authentication
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018
 
Two factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guideTwo factor authentication-in_your_network_e_guide
Two factor authentication-in_your_network_e_guide
 
Two Factor Authentication (2FA) Deep Dive: How to Choose the Right Solution f...
Two Factor Authentication (2FA) Deep Dive: How to Choose the Right Solution f...Two Factor Authentication (2FA) Deep Dive: How to Choose the Right Solution f...
Two Factor Authentication (2FA) Deep Dive: How to Choose the Right Solution f...
 
SecureOTP: Total One-Time-Password Solution
SecureOTP: Total One-Time-Password SolutionSecureOTP: Total One-Time-Password Solution
SecureOTP: Total One-Time-Password Solution
 
Securing corporate assets_with_2_fa
Securing corporate assets_with_2_faSecuring corporate assets_with_2_fa
Securing corporate assets_with_2_fa
 
Two Factor Authentication and You
Two Factor Authentication and YouTwo Factor Authentication and You
Two Factor Authentication and You
 
Session 7 e_raja_kailar
Session 7 e_raja_kailarSession 7 e_raja_kailar
Session 7 e_raja_kailar
 
Sp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guideSp 29 two_factor_auth_guide
Sp 29 two_factor_auth_guide
 
Jun 29 - 2016-MultiFactorAuthentication
Jun 29 - 2016-MultiFactorAuthentication Jun 29 - 2016-MultiFactorAuthentication
Jun 29 - 2016-MultiFactorAuthentication
 
Sms based otp
Sms based otpSms based otp
Sms based otp
 
Auth-Shield
Auth-ShieldAuth-Shield
Auth-Shield
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSS
 
iKeyPass...Unbreakable Password Security
iKeyPass...Unbreakable Password SecurityiKeyPass...Unbreakable Password Security
iKeyPass...Unbreakable Password Security
 

Viewers also liked

Mi presentación de Periféricos de procesamiento de Datos (parte interna) .
Mi presentación de Periféricos de procesamiento de Datos (parte interna) .Mi presentación de Periféricos de procesamiento de Datos (parte interna) .
Mi presentación de Periféricos de procesamiento de Datos (parte interna) .anyelocustodio01
 
04 application security fundamentals - part 2 - security mechanisms - authe...
04   application security fundamentals - part 2 - security mechanisms - authe...04   application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...appsec
 
Secure Your Salesforce Org with Two-Factor Authentication
Secure Your Salesforce Org with Two-Factor AuthenticationSecure Your Salesforce Org with Two-Factor Authentication
Secure Your Salesforce Org with Two-Factor AuthenticationSalesforce Admins
 
MobiWeb - SMS for App Promotion & Engagement
MobiWeb - SMS for App Promotion & EngagementMobiWeb - SMS for App Promotion & Engagement
MobiWeb - SMS for App Promotion & EngagementMobiWeb
 
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationWelcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationMarketingArrowECS_CZ
 
Infoblast – Interactive 2-way Messaging Service
Infoblast – Interactive 2-way Messaging ServiceInfoblast – Interactive 2-way Messaging Service
Infoblast – Interactive 2-way Messaging Servicerusdyaziz
 
Securing ChatOps - DevSecCon Asia 2017 arun n
Securing ChatOps - DevSecCon Asia 2017 arun n Securing ChatOps - DevSecCon Asia 2017 arun n
Securing ChatOps - DevSecCon Asia 2017 arun n Arun Narayanaswamy
 
Mobile Cybercrime - Don’t Leave Your Customers Vulnerable
Mobile Cybercrime - Don’t Leave Your Customers VulnerableMobile Cybercrime - Don’t Leave Your Customers Vulnerable
Mobile Cybercrime - Don’t Leave Your Customers VulnerableXura
 
2FA, WTF? - Phil Nash - Codemotion Amsterdam 2016
2FA, WTF? -  Phil Nash - Codemotion Amsterdam 20162FA, WTF? -  Phil Nash - Codemotion Amsterdam 2016
2FA, WTF? - Phil Nash - Codemotion Amsterdam 2016Codemotion
 
MOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
MOBtexting : Leading A2P Messaging & Cloud Telephony Service ProviderMOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
MOBtexting : Leading A2P Messaging & Cloud Telephony Service ProviderMOBtexting
 

Viewers also liked (12)

Mi presentación de Periféricos de procesamiento de Datos (parte interna) .
Mi presentación de Periféricos de procesamiento de Datos (parte interna) .Mi presentación de Periféricos de procesamiento de Datos (parte interna) .
Mi presentación de Periféricos de procesamiento de Datos (parte interna) .
 
04 application security fundamentals - part 2 - security mechanisms - authe...
04   application security fundamentals - part 2 - security mechanisms - authe...04   application security fundamentals - part 2 - security mechanisms - authe...
04 application security fundamentals - part 2 - security mechanisms - authe...
 
Secure Your Salesforce Org with Two-Factor Authentication
Secure Your Salesforce Org with Two-Factor AuthenticationSecure Your Salesforce Org with Two-Factor Authentication
Secure Your Salesforce Org with Two-Factor Authentication
 
MobiWeb - SMS for App Promotion & Engagement
MobiWeb - SMS for App Promotion & EngagementMobiWeb - SMS for App Promotion & Engagement
MobiWeb - SMS for App Promotion & Engagement
 
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationWelcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authentication
 
Infoblast – Interactive 2-way Messaging Service
Infoblast – Interactive 2-way Messaging ServiceInfoblast – Interactive 2-way Messaging Service
Infoblast – Interactive 2-way Messaging Service
 
Securing ChatOps - DevSecCon Asia 2017 arun n
Securing ChatOps - DevSecCon Asia 2017 arun n Securing ChatOps - DevSecCon Asia 2017 arun n
Securing ChatOps - DevSecCon Asia 2017 arun n
 
Mobile Cybercrime - Don’t Leave Your Customers Vulnerable
Mobile Cybercrime - Don’t Leave Your Customers VulnerableMobile Cybercrime - Don’t Leave Your Customers Vulnerable
Mobile Cybercrime - Don’t Leave Your Customers Vulnerable
 
2FA and OTP
2FA and OTP2FA and OTP
2FA and OTP
 
Presentation9
Presentation9Presentation9
Presentation9
 
2FA, WTF? - Phil Nash - Codemotion Amsterdam 2016
2FA, WTF? -  Phil Nash - Codemotion Amsterdam 20162FA, WTF? -  Phil Nash - Codemotion Amsterdam 2016
2FA, WTF? - Phil Nash - Codemotion Amsterdam 2016
 
MOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
MOBtexting : Leading A2P Messaging & Cloud Telephony Service ProviderMOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
MOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
 

Similar to Adding Two Factor Authentication to your App with Authy

Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 enHai Nguyen
 
Go passwordless with fido2
Go passwordless with fido2Go passwordless with fido2
Go passwordless with fido2Rob Dudley
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CloudIDSummit
 
FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016FIDO Alliance
 
Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Tomek Cejner
 
Visual Studio Tools for Apache Cordova (TACO) and Ionic
Visual Studio Tools for Apache Cordova (TACO) and IonicVisual Studio Tools for Apache Cordova (TACO) and Ionic
Visual Studio Tools for Apache Cordova (TACO) and IonicJustin James
 
How Secure Is Your Secure API?
How Secure Is Your Secure API?How Secure Is Your Secure API?
How Secure Is Your Secure API?Colin McGovern
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO AuthenticationFIDO Alliance
 
"Bypassing two factor authentication", Shahmeer Amir
"Bypassing two factor authentication", Shahmeer Amir"Bypassing two factor authentication", Shahmeer Amir
"Bypassing two factor authentication", Shahmeer AmirHackIT Ukraine
 
Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great againEric Larcheveque
 
Two factor authentication,Google authenticator in odoo
Two factor authentication,Google authenticator  in odooTwo factor authentication,Google authenticator  in odoo
Two factor authentication,Google authenticator in odooAagam infotech
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...Riddhi Shree
 
How to make money with the Windows Store
How to make money with the Windows StoreHow to make money with the Windows Store
How to make money with the Windows StoreMicrosoft Schweiz
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...André Goliath
 
Android mobile app security offensive security workshop
Android mobile app security   offensive security workshopAndroid mobile app security   offensive security workshop
Android mobile app security offensive security workshopAbhinav Sejpal
 
OAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesOAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesIntuit Developer
 
Security Keys Presentation.pptx
Security Keys Presentation.pptxSecurity Keys Presentation.pptx
Security Keys Presentation.pptxAlok Sharma
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goMichael Furman
 

Similar to Adding Two Factor Authentication to your App with Authy (20)

Ouch 201211 en
Ouch 201211 enOuch 201211 en
Ouch 201211 en
 
Go passwordless with fido2
Go passwordless with fido2Go passwordless with fido2
Go passwordless with fido2
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
CIS14: FIDO 101 (What, Why and Wherefore of FIDO)
 
FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016FIDO Alliance: Year in Review Webinar slides from January 20 2016
FIDO Alliance: Year in Review Webinar slides from January 20 2016
 
Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.Security Checklist: how iOS can help protecting your data.
Security Checklist: how iOS can help protecting your data.
 
Visual Studio Tools for Apache Cordova (TACO) and Ionic
Visual Studio Tools for Apache Cordova (TACO) and IonicVisual Studio Tools for Apache Cordova (TACO) and Ionic
Visual Studio Tools for Apache Cordova (TACO) and Ionic
 
How Secure Is Your Secure API?
How Secure Is Your Secure API?How Secure Is Your Secure API?
How Secure Is Your Secure API?
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
 
"Bypassing two factor authentication", Shahmeer Amir
"Bypassing two factor authentication", Shahmeer Amir"Bypassing two factor authentication", Shahmeer Amir
"Bypassing two factor authentication", Shahmeer Amir
 
Make the Smartcard great again
Make the Smartcard great againMake the Smartcard great again
Make the Smartcard great again
 
Two factor authentication,Google authenticator in odoo
Two factor authentication,Google authenticator  in odooTwo factor authentication,Google authenticator  in odoo
Two factor authentication,Google authenticator in odoo
 
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...
 
How to make money with the Windows Store
How to make money with the Windows StoreHow to make money with the Windows Store
How to make money with the Windows Store
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
 
Android mobile app security offensive security workshop
Android mobile app security   offensive security workshopAndroid mobile app security   offensive security workshop
Android mobile app security offensive security workshop
 
OAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesOAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST Services
 
Security Keys Presentation.pptx
Security Keys Presentation.pptxSecurity Keys Presentation.pptx
Security Keys Presentation.pptx
 
Passwords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to goPasswords are passé. WebAuthn is simpler, stronger and ready to go
Passwords are passé. WebAuthn is simpler, stronger and ready to go
 

More from Nick Malcolm

A Recipe for Password Storage: Add Salt to Taste
A Recipe for Password Storage: Add Salt to TasteA Recipe for Password Storage: Add Salt to Taste
A Recipe for Password Storage: Add Salt to TasteNick Malcolm
 
How To "Speak Developer"
How To "Speak Developer"How To "Speak Developer"
How To "Speak Developer"Nick Malcolm
 
How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)
How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)
How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)Nick Malcolm
 
All aboard the Cyber Security Rollercoaster!
All aboard the Cyber Security Rollercoaster!All aboard the Cyber Security Rollercoaster!
All aboard the Cyber Security Rollercoaster!Nick Malcolm
 
Timing Attacks and Ruby on Rails
Timing Attacks and Ruby on RailsTiming Attacks and Ruby on Rails
Timing Attacks and Ruby on RailsNick Malcolm
 
Protecting the Front Door
Protecting the Front DoorProtecting the Front Door
Protecting the Front DoorNick Malcolm
 
Our CloudFlare experience
Our CloudFlare experienceOur CloudFlare experience
Our CloudFlare experienceNick Malcolm
 

More from Nick Malcolm (7)

A Recipe for Password Storage: Add Salt to Taste
A Recipe for Password Storage: Add Salt to TasteA Recipe for Password Storage: Add Salt to Taste
A Recipe for Password Storage: Add Salt to Taste
 
How To "Speak Developer"
How To "Speak Developer"How To "Speak Developer"
How To "Speak Developer"
 
How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)
How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)
How To Spot a Wolf in Sheep's Clothing (a.k.a. Account Takeover)
 
All aboard the Cyber Security Rollercoaster!
All aboard the Cyber Security Rollercoaster!All aboard the Cyber Security Rollercoaster!
All aboard the Cyber Security Rollercoaster!
 
Timing Attacks and Ruby on Rails
Timing Attacks and Ruby on RailsTiming Attacks and Ruby on Rails
Timing Attacks and Ruby on Rails
 
Protecting the Front Door
Protecting the Front DoorProtecting the Front Door
Protecting the Front Door
 
Our CloudFlare experience
Our CloudFlare experienceOur CloudFlare experience
Our CloudFlare experience
 

Recently uploaded

unit I lecture 5 - Software Development Life Cycle.pdf
unit I lecture 5 - Software Development Life Cycle.pdfunit I lecture 5 - Software Development Life Cycle.pdf
unit I lecture 5 - Software Development Life Cycle.pdfStephenTec
 
Slide Deck - Milestone 9 alx mils .pptx
Slide Deck  - Milestone 9 alx mils .pptxSlide Deck  - Milestone 9 alx mils .pptx
Slide Deck - Milestone 9 alx mils .pptxYassineBissaoui1
 
unit I lecture 4 - AGILE DEVELOPMENT AND PLAN-DRIVEN.pdf
unit I lecture 4 - AGILE DEVELOPMENT AND PLAN-DRIVEN.pdfunit I lecture 4 - AGILE DEVELOPMENT AND PLAN-DRIVEN.pdf
unit I lecture 4 - AGILE DEVELOPMENT AND PLAN-DRIVEN.pdfStephenTec
 
unit I lecture 3 - Software Process Models.pdf
unit I lecture 3 - Software Process Models.pdfunit I lecture 3 - Software Process Models.pdf
unit I lecture 3 - Software Process Models.pdfStephenTec
 
unit 1 lecture 1 - Introduction - Software Engineering Myths.pdf
unit 1 lecture 1 - Introduction - Software Engineering Myths.pdfunit 1 lecture 1 - Introduction - Software Engineering Myths.pdf
unit 1 lecture 1 - Introduction - Software Engineering Myths.pdfStephenTec
 
MSR2022_Hackathon.pdf
MSR2022_Hackathon.pdfMSR2022_Hackathon.pdf
MSR2022_Hackathon.pdfnatarajan8993
 
Microsoft 365 De Security pdf
Microsoft 365 De Security pdfMicrosoft 365 De Security pdf
Microsoft 365 De Security pdfMarkus Moeller
 
Enabling Enterprise-wide OT Data access with Matrikon Data Broker.pdf
Enabling Enterprise-wide OT Data access  with Matrikon Data Broker.pdfEnabling Enterprise-wide OT Data access  with Matrikon Data Broker.pdf
Enabling Enterprise-wide OT Data access with Matrikon Data Broker.pdfJohn Archer
 
Microsoft Dynamics 365 IA - Copilot/ Fabric
Microsoft Dynamics 365 IA - Copilot/ FabricMicrosoft Dynamics 365 IA - Copilot/ Fabric
Microsoft Dynamics 365 IA - Copilot/ FabricJuan Fabian
 
Get Your Hands Off the Teams Work.pdf
Get Your Hands Off the Teams Work.pdfGet Your Hands Off the Teams Work.pdf
Get Your Hands Off the Teams Work.pdfAngela Johnson
 
BotSE2022-Natarajan.pdf
BotSE2022-Natarajan.pdfBotSE2022-Natarajan.pdf
BotSE2022-Natarajan.pdfnatarajan8993
 
App Builder - Hierarchical Data Apps.pptx
App Builder - Hierarchical Data Apps.pptxApp Builder - Hierarchical Data Apps.pptx
App Builder - Hierarchical Data Apps.pptxPoojitha B
 
unit I lecture 2 - Software Engineering Ethics - Software Process.pdf
unit I lecture 2 - Software Engineering Ethics - Software Process.pdfunit I lecture 2 - Software Engineering Ethics - Software Process.pdf
unit I lecture 2 - Software Engineering Ethics - Software Process.pdfStephenTec
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEArun Voleti
 
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...confluent
 
India's_Generative_AI_Startup_Landscape_Report_2023_Inc42 (1).pdf
India's_Generative_AI_Startup_Landscape_Report_2023_Inc42 (1).pdfIndia's_Generative_AI_Startup_Landscape_Report_2023_Inc42 (1).pdf
India's_Generative_AI_Startup_Landscape_Report_2023_Inc42 (1).pdfgranitesrijan
 
SATToSE_2023_Presentation_slideshare.pdf
SATToSE_2023_Presentation_slideshare.pdfSATToSE_2023_Presentation_slideshare.pdf
SATToSE_2023_Presentation_slideshare.pdfnatarajan8993
 
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)GDSCNiT
 

Recently uploaded (20)

unit I lecture 5 - Software Development Life Cycle.pdf
unit I lecture 5 - Software Development Life Cycle.pdfunit I lecture 5 - Software Development Life Cycle.pdf
unit I lecture 5 - Software Development Life Cycle.pdf
 
Slide Deck - Milestone 9 alx mils .pptx
Slide Deck  - Milestone 9 alx mils .pptxSlide Deck  - Milestone 9 alx mils .pptx
Slide Deck - Milestone 9 alx mils .pptx
 
unit I lecture 4 - AGILE DEVELOPMENT AND PLAN-DRIVEN.pdf
unit I lecture 4 - AGILE DEVELOPMENT AND PLAN-DRIVEN.pdfunit I lecture 4 - AGILE DEVELOPMENT AND PLAN-DRIVEN.pdf
unit I lecture 4 - AGILE DEVELOPMENT AND PLAN-DRIVEN.pdf
 
unit I lecture 3 - Software Process Models.pdf
unit I lecture 3 - Software Process Models.pdfunit I lecture 3 - Software Process Models.pdf
unit I lecture 3 - Software Process Models.pdf
 
unit 1 lecture 1 - Introduction - Software Engineering Myths.pdf
unit 1 lecture 1 - Introduction - Software Engineering Myths.pdfunit 1 lecture 1 - Introduction - Software Engineering Myths.pdf
unit 1 lecture 1 - Introduction - Software Engineering Myths.pdf
 
MSR2022_Hackathon.pdf
MSR2022_Hackathon.pdfMSR2022_Hackathon.pdf
MSR2022_Hackathon.pdf
 
Microsoft 365 De Security pdf
Microsoft 365 De Security pdfMicrosoft 365 De Security pdf
Microsoft 365 De Security pdf
 
Enabling Enterprise-wide OT Data access with Matrikon Data Broker.pdf
Enabling Enterprise-wide OT Data access  with Matrikon Data Broker.pdfEnabling Enterprise-wide OT Data access  with Matrikon Data Broker.pdf
Enabling Enterprise-wide OT Data access with Matrikon Data Broker.pdf
 
Microsoft Dynamics 365 IA - Copilot/ Fabric
Microsoft Dynamics 365 IA - Copilot/ FabricMicrosoft Dynamics 365 IA - Copilot/ Fabric
Microsoft Dynamics 365 IA - Copilot/ Fabric
 
Get Your Hands Off the Teams Work.pdf
Get Your Hands Off the Teams Work.pdfGet Your Hands Off the Teams Work.pdf
Get Your Hands Off the Teams Work.pdf
 
BotSE2022-Natarajan.pdf
BotSE2022-Natarajan.pdfBotSE2022-Natarajan.pdf
BotSE2022-Natarajan.pdf
 
App Builder - Hierarchical Data Apps.pptx
App Builder - Hierarchical Data Apps.pptxApp Builder - Hierarchical Data Apps.pptx
App Builder - Hierarchical Data Apps.pptx
 
unit I lecture 2 - Software Engineering Ethics - Software Process.pdf
unit I lecture 2 - Software Engineering Ethics - Software Process.pdfunit I lecture 2 - Software Engineering Ethics - Software Process.pdf
unit I lecture 2 - Software Engineering Ethics - Software Process.pdf
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWE
 
Features of IETM Software -Code and Pixels
Features of IETM Software -Code and PixelsFeatures of IETM Software -Code and Pixels
Features of IETM Software -Code and Pixels
 
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
Industry 4.0: Building the Unified Namespace with Confluent, HiveMQ and Spark...
 
India's_Generative_AI_Startup_Landscape_Report_2023_Inc42 (1).pdf
India's_Generative_AI_Startup_Landscape_Report_2023_Inc42 (1).pdfIndia's_Generative_AI_Startup_Landscape_Report_2023_Inc42 (1).pdf
India's_Generative_AI_Startup_Landscape_Report_2023_Inc42 (1).pdf
 
SATToSE_2023_Presentation_slideshare.pdf
SATToSE_2023_Presentation_slideshare.pdfSATToSE_2023_Presentation_slideshare.pdf
SATToSE_2023_Presentation_slideshare.pdf
 
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
Open Sprintera (Where Open Source Sparks a Sprint of Possibilities)
 
Importance Of Smaket In Your Buussiness
Importance Of Smaket In Your BuussinessImportance Of Smaket In Your Buussiness
Importance Of Smaket In Your Buussiness
 

Adding Two Factor Authentication to your App with Authy