Securing Your Ecosystem (FOWA Las Vegas 2011)

  1. Securing your ecosystem @raffi
  2. Speaking at @fowa! Let’s talk about securing ecosystems & let’s talk @twitterapi! 29 Jun via Twitter for iPhone from Meet, Las Vegas 233 South 4th Street Las Vegas, Nevada 89101
  3. >660K Developers on @twitterAPI
  4. >900K Apps + The Official ones
  5. >200M users on @twitter
  6. Users are paramount
  7. Users need 2 things protected ⇢ identity ⇢ data
  8. Security is hard to bolt on “later”
  9. Govern your ecosystem
  10. Case study in @twitterAPI
  11. We used to be basic auth
  12. raffi (username) : totallysecure (password)
  13. Base64(raffi:totallysecure) = cmFmZmk6dG90YWxseXNlY3VyZQ==
  14. GET /secure HTTP/1.1
      Host: localhost
      Authorization: Basic cmFmZmk6dG90YWxseXNlY3VyZQ==
  15. The password antipattern
  16. OAuth
  17. The carrot
  18. further protect our users ⇢ mandate the use of OAuth ⇢ understand where our traffic is coming from
  19. This conversion was a challenge
  20. And... One more time, protect our users ⇢ break out a new permissions model ⇢ try to make it extremely clear to a user what apps are doing
  21. Be really really really (really) ∞ explicit
  22. Check back with me next year — I might be able to say how it went
  23. What would I do if I were you? ⇢ forget basic auth! ⇢ go straight to OAuth 2 ⇢ understand your “problem”
  24. Make sure to have the tools you need
  25. Our Users @taylorswift13
  26. Follow me Questions? @raffi
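An added illustration of slides 12 through 15 and 20, not part of the original deck: the Basic header from slide 14 decodes straight back to the username and password, so every app, proxy or log that holds the header holds the password (the password antipattern), whereas a scoped bearer token standing in for the OAuth permissions model lets the resource server grant read without write and revoke one app without touching the user's credential. The token store, function names and SHA-256 keying are assumptions.

```python
import base64
import hashlib
import secrets
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed input: the Authorization header shown on slide 14.
BASIC_HEADER = "Basic cmFmZmk6dG90YWxseXNlY3VyZQ=="

def decode_basic_auth(header: str) -> Tuple[str, str]:
    """Recover the credential pair a Basic Authorization header carries.

    Base64 is an encoding, not encryption: anything that sees this
    header on the wire or in a log holds the user's password outright.
    """
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed credentials: missing ':' separator")
    return username, password

# Hypothetical resource-server token store keyed by SHA-256 of the token,
# so a leaked store does not hand out live bearer tokens.
TOKEN_STORE: Dict[str, Tuple[str, FrozenSet[str]]] = {}

def issue_token(username: str, scopes) -> str:
    """Mint a random bearer token bound to a user and an explicit scope set."""
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    TOKEN_STORE[digest] = (username, frozenset(scopes))
    return token

def authorize_request(header: str, required_scope: str) -> Optional[str]:
    """Return the user if the bearer token exists and carries required_scope.

    The server never sees a password: narrowing or revoking one app's
    access means touching one token, not rotating the user's credential.
    """
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    entry = TOKEN_STORE.get(hashlib.sha256(token.encode()).hexdigest())
    if entry is None or required_scope not in entry[1]:
        return None
    return entry[0]
```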