-
Be the first to like this
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Managing passwords is a critical developer task. Developers tasked with building or augmenting legacy authentication systems have a daunting task when facing modern adversaries. This talk will review some of the changes suggested in NIST SP800-63b the “Digital Identity Guideline on Authentication and Lifecycle Management regarding password policy”. We’ll discuss topics such as credential stuffing and the importance of managing common passwords found in public breaches. We’ll also discuss various strategies around storing passwords using modern algorithms and methods.
* Importance of Password Storage
* Credential Stuffing
* Password Policy Updates from NIST[masked]b
* Password Topologies
* Offline Password Attacks
* Password Cracking
* Password Hashing Strategies
* Password Keyed Protections
* Hard-Coded Passwords and Backdoors
Speaker:
Jim Manico, Manicode Security
Talk language: English
About the Speaker:
*********************
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for KSOC, Nucleus Security, Signal Sciences and BitDiscovery. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP foundation as the project co-lead for the OWASP ASVS and the OWASP Proactive Controls.
Be the first to like this
Be the first to comment