This talk about identity and authentication was held at Droidcon UK 2013. It goes into the differences between the various authorization and authentication techniques and tries to shed some light on best practices.
Technologies being covered are OAuth, OpenID and OpenID Connect.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down your API without writing a ton of code.
In this tutorial, you will learn how to write a secure API with future-proof security utilizing JOSE. JOSE is a collection of complementary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.
WordPress: Lightning Fast. Learn the ropes on optimizing WordPress for page speed using Google's PageSpeed Insights. Learn how I've achieved scores of up to 100/100 using Google's tool and a few WordPress plugins.
WordPress Security Tips By Catch Internet:
http://catchinternet.com
This presentation covers WordPress hosting servers, an example of link injection hacks, the basics of securing your WordPress site, and WordPress security plugins.
Following the success of global efforts to exchange genomic and other biomedical data, we have now witnessed the emergence of global databases in metabolomics. The MetaboLights database, the first general purpose, cross-species, cross-application database in metabolomics, became the fastest growing data repository at the EMBL-EBI in terms of data volume. Here we present the automated assembly of species metabolomes in MetaboLights through user submissions. User submission of data to public repositories such as MetaboLights are now not only encouraged by publishers and funders but can now also directly benefit the publication record of a scientist by describing the published dataset in a data publication in journals such as Nature Scientific Data.
I put this guide together as a way to plan for my second solo trip to three new cities: Prague, Dublin, & Lisbon. It is embarrassingly detailed, but proved to be irreplaceable for planning, organizing, and navigating my trip. Although some of the material is context dependent (like getting to & from my hostels), it includes many other useful aspects like tourist attractions, transportation methods, student prices, and city maps.
This presentation describes the challenges faced during Change Programmes and how Social Media strategies can be used to massively improve communications within an organisation during Change.
Social Media Strategies for Start Up Companies - Michael DeAloia
The Emerging Chefs, a Cleveland, OH company that specializes in creating distinctive events around chefs and culinary trends, details the use of social media for special events. This start-up company has seen incredible results in ticket sales and profitability per event using only social media platforms.
User authentication in mobile apps is a very common and integral use case. Implementing regular passwords is an easy solution but comes with several pitfalls that impair user experience. This talk discusses the security flaws and UX implications of passwords and highlights the different techniques that can offer a more mobile-friendly flow. Covering authorization and authentication techniques like OAuth and OpenID Connect, and even hardware features like Bluetooth Low Energy, this talk will be interesting for anyone who’s facing a situation where creating and storing user accounts matters.
As presented in DroidCon Tel Aviv 2014 by:
Tim Messerschmidt, PayPal
http://il.droidcon.com
Securing RESTful APIs using OAuth 2 and OpenID Connect - Jonathan LeBlanc
Constructing a successful and simple API is the lifeblood of your developer community. As we construct our API we need a secure way to authenticate and track apps & requests; OAuth 2 provides us with a secure and open way of doing just this.
In this talk, we will examine REST and OAuth 2 as standards for building secure API infrastructures, exploring architectural decisions in choosing REST standard variations and implementations of OAuth 2.
This presentation was held at Droidcon DE 2014. It covers the main issues with passwords in mobile and web applications and which alternative technologies can help resolve them.
This speech was held at Droidcon Berlin 2014. It covers key issues of passwords and what can be done to resolve them by moving on to more advanced authentication techniques like OAuth 2.0 or even biometry.
"Death To Passwords" was delivered at Mobile Tech Con 2014 in Munich. It's a talk covering the basic weaknesses of passwords and which alternative technologies can help overcome them.
Exploring Advanced Authentication Methods in Novell Access Manager - Novell
Novell Access Manager provides many different levels of authentication beyond a simple user name and password. In this session, you will learn about its more advanced methods of authentication, from emerging standards like OpenID and CardSpace to tokens and certificates. Attendees will also see a demonstration of FreeRADIUS and the Vasco Digipass with Novell eDirectory, the Vasco NMAS method and an Access Manager plug-in that provides SSO to Web applications that expect a static password.
Module 13 (web based password cracking techniques) - Wail Hassan
Password cracking doesn't have to involve fancy tools, but it's a fairly tedious process. If the target doesn't lock you out after a specific number of tries, you can spend an infinite amount of time trying every combination of alphanumeric characters. It's just a question of time and bandwidth before you break into a system.
The most common passwords found are password, root, administrator, admin, operator, demo, test, webmaster, backup, guest, trial, member, private, beta, [company_name] or [known_username].
Token Authentication for Java Applications - Stormpath
Everyone building a web application that supports user login is concerned with security. How do you securely authenticate users and keep their identity secure? With the huge growth in Single Page Applications (SPAs), JavaScript and mobile applications, how do you keep users safe even though these are 'unsafe' client environments?
This presentation will demystify HTTP Authentication and explain how the Next Big Thing - Token Authentication - can be used to secure web applications on the JVM, REST APIs, and 'unsafe' clients while supporting security best practices and even improving your application's performance and scale.
The state of passwordless auth on the web - Phil Nash
Can we get rid of passwords yet? They make for a poor user experience and users are notoriously bad with them. The advent of WebAuthn has brought a passwordless world closer, but where do we really stand?
In this talk we'll explore the current user experience of WebAuthn and the requirements a user has to fulfil for them to authenticate without a password. We'll also explore the fallbacks and safeguards we can use to make the password experience better and more secure. By the end of the session you'll have a vision for how authentication could look in the future and a blueprint for how to build the best auth experience today.
--
Links:
Passkey demo: https://www.passkeys.io/
https://webauthn.me/
https://web.dev/passkey-registration/
https://web.dev/web-otp/
https://web.dev/security-credential-management/
https://www.twilio.com/blog/html-attributes-two-factor-authentication-autocomplete
https://github.com/philnash/web-otp-input
Companion slides for Stormpath CTO and Co-Founder Les' REST API Security Webinar. This presentation covers the RESTful best practices learned building the Stormpath API and supporting authentication for thousands of projects. Topics include:
- HTTP Authentication
- Choosing a Security Protocol
- Generating & Managing API Keys
- Authorization & Scopes
- Token Authentication with JSON Web Tokens (JWTs)
- Much more...
Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec... - CA API Management
Web Based APIs have become a powerful tool for reaching end users in an increasingly fragmented market. The emergence of public and private APIs has introduced new challenges in identity management and access control. Attend this session to get a crash course in Web APIs, the risks they introduce and the emerging standards that can make them safer to use (including OAuth 2 and OpenID Connect).
Benefits and Risks of a Single Identity - IBM Connect 2017 - Gabriella Davis
What is valuable about a single identity, why is that something people want and how achievable is it? As people work across multiple systems they encounter an equal number of barriers where they must authenticate or otherwise prove their identity in order to gain access. Ideally we always want to be showing the same information about ourselves regardless of where someone searches or how we are found. In this session we’ll discuss the issues behind both creating a single identity and simplifying authentication. We’ll also review the risks you need to be aware of, the technologies available to you and the importance of good and current personal information.
This is an updated presentation that includes some speaker notes for clarity
The State of Passwordless Auth on the Web - Phil Nash - All Things Open
Presented at All Things Open 2023
Presented by Phil Nash - Sonar
Title: The State of Passwordless Auth on the Web
Abstract: Can we get rid of passwords yet? They make for a poor user experience and users are notoriously bad with them. The advent of WebAuthn has brought a passwordless world closer, but where do we really stand?
In this talk we'll explore the current user experience of WebAuthn and the requirements a user has to fulfil to authenticate without a password. We'll also explore the fallbacks and safeguards we can use to make the password experience better and more secure. By the end of the session you'll have a vision of how authentication could look in the future and a blueprint for how to build the best auth experience today.
Find more info about All Things Open:
On the web: https://www.allthingsopen.org/
Twitter: https://twitter.com/AllThingsOpen
LinkedIn: https://www.linkedin.com/company/all-things-open/
Instagram: https://www.instagram.com/allthingsopen/
Facebook: https://www.facebook.com/AllThingsOpen
Mastodon: https://mastodon.social/@allthingsopen
Threads: https://www.threads.net/@allthingsopen
2023 conference: https://2023.allthingsopen.org/
In this presentation, you will see what Ethical Hacking is, the purpose of Ethical Hacking, who an Ethical Hacker is, and the various Ethical Hacking certifications. With the rise in the number of cybercrimes, it is necessary for companies to hire Ethical Hackers to protect their networks and data. Here you will have a look at five different Ethical Hacking certifications, namely Certified Ethical Hacker (CEH), Global Information Assurance Certification Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), CompTIA PenTest+ and Licensed Penetration Tester (LPT). We will talk about each of these certifications individually and have a look at their description, the requirements to take up the certification, the exam fees, the exam duration, and finally, the average annual salary of a candidate with these certifications.
Below topics are explained in this Ethical Hacking certifications presentation:
1. What is Ethical Hacking?
2. Purpose of Ethical Hacking
3. Who is an Ethical Hacker?
4. Ethical Hacking certifications
5. CEH (Certified Ethical Hacker)
6. Global information assurance certification penetration tester (GPEN)
7. Offensive security certified professional (OSCP)
8. CompTIA PenTest+
9. Licensed penetration tester (LPT)
This Certified Ethical Hacker-Version 10 (earlier CEHv9) course will train you on the advanced step-by-step methodologies that hackers actually use, such as writing virus codes and reverse engineering, so you can better protect corporate infrastructure from data breaches. This ethical hacking course will help you master advanced network packet analysis and advanced system penetration testing techniques to build your network security skill-set and beat hackers at their own game.
Why is the CEH certification so desirable?
The EC-Council Certified Ethical Hacker course verifies your advanced security skill-sets to thrive in the worldwide information security domain. Many IT departments have made CEH certification a compulsory qualification for security-related posts, making it a go-to certification for security professionals. CEH-certified professionals typically earn 44 percent higher salaries than their non-certified peers. The ethical hacking certification course opens up numerous career advancement opportunities, preparing you for a role as a computer network defence (CND) analyst, CND infrastructure support, CND incident responder, CND auditor, forensic analyst, intrusion analyst, security manager, and other related high-profile roles.
Learn more at https://www.simplilearn.com/cyber-security/ceh-certification
This presentation was given at Web Directions South in 2008. It is a developers guide to building sites using OpenID, OAuth and webservices - no code, but enough to point you in the right direction
This keynote was held at Droidcon Moscow and Mobile Days Ankara. It covers upcoming technology that influences how people will be paying while leveraging technologies like Bluetooth Smart or Wearables.
The web can do that better - My adventure with HTML5 Video, WebRTC and Shared ... - PayPal
For this year's Battle Hack series of hackathons I wanted to replace our dated and clunky Mac OS X video recording app with something more modern. As a web native my initial thoughts went to WebRTC and HTML5 video, but things were not that simple, and so started my journey that eventually led me to discover MRecordRTC and HTML5 Shared Web Workers.
These are the slides of Tim Messerschmidt's presentation at LondonJS Conf 2014. They provide an overview about Kraken's main features and how to use them in practice.
This speech was held during the Droidcon Eastern Europe / Romania in Bucharest 2013. It highlights how payments work, which different kind of payments and monetization strategies work and how to apply them best to your Android application.
Reinvigorating Stagnant Innovation Through Your Developer Network - PayPal
Innovation is a constant struggle for any organization, but what do you do once you have been deemed irrelevant and innovation stagnant?
The hardest part in changing external opinions is in giving up control over your development path, allowing your community to guide your future. It all starts with asking them, “What do you want us to do?”.
This session will explore how to build a developer network community to reinvigorate your company innovation, taken from building two highly successful company developer networks. We’ll look at how to track success metrics, begin engagement, and change towards an innovative development model.
This talk is about Open Identity and using it to create an amazing user experience. It also handles topics like secure API communication to protect your service and users from different kinds of attacks, such as CSRF.
The difference between authentication and authorization is highlighted, and OAuth, OpenID Connect etc. are explained.
User growth and feature enhancements are the building blocks of a startup's early success, but as a startup becomes a company it needs to be able to stand on its own. Monetizing a startup can be a harrowing and heart-wrenching experience: many companies put off these integrations until a product is established, leaving them little choice but to resort to traditional monetization methodologies like advertising, since no other model fits their current product state. It doesn't have to be that way.
Through working with thousands of startups within PayPal innovation programs and beyond, we have seen how early adoption of proper monetization methodologies can provide you with creative solutions for building financial backing into your startup, without ever having to resort to hard selling your users to keep you profitable, the same users who built your product to begin with.
Exploring these principles, we'll see how essential creative monetization is to building a strong backbone into a startup, helping it survive the trials of feature and user growth.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
12. Security Nightmare
4.7% of users have the password password
8.5% have the passwords password or 123456
9.8% have the passwords password, 123456, 12345678
14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords
20. Consumer / Service Provider (the OAuth flow between the two parties)
- Direct User to Service
- Obtain Authorization
- Request Access Token
- Grant Access Token
- Access Resources / Profile
- Direct to Consumer
21. HTTP Header
import java.net.HttpURLConnection;
import java.net.URL;
URL url = new URL("http://url.com/");
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
// the access token granted in the previous step goes after "Bearer "
urlConnection.setRequestProperty("Authorization", "Bearer …");
URI parameter
"url.com/oauth?access_token=…"
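The flow on the Consumer / Service Provider slide and the two token-transmission forms on the HTTP Header slide, modelled end to end as an added example (not code from the original slides or from PayPal): the Service Provider issues a single-use code bound to the registered redirect URI, the Consumer checks a random state value before exchanging the code (the CSRF protection this talk mentions), and the resource endpoint accepts the bearer token from either the Authorization header or the access_token URI parameter. All client ids, secrets, URLs and user names are constructed placeholders.

```python
"""Added example: OAuth 2 authorization code flow between a Consumer (the app)
and a Service Provider, with the bearer token then sent either in the
Authorization header or as the access_token URI parameter.
All client ids, secrets, URLs and user names below are constructed."""
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse


@dataclass
class ServiceProvider:
    """Authorization server plus resource server (the Service Provider lane)."""
    clients: dict                                # client_id -> (secret, redirect_uri)
    codes: dict = field(default_factory=dict)    # code -> (client_id, redirect_uri, user)
    tokens: dict = field(default_factory=dict)   # access_token -> user

    def authorize(self, client_id, redirect_uri, state, user):
        """'Obtain Authorization': the user has approved; issue a one-time code
        bound to the client and its registered redirect URI, then 'Direct to
        Consumer' via a redirect URL that echoes the consumer's state."""
        registered = self.clients.get(client_id)
        if registered is None or registered[1] != redirect_uri:
            raise PermissionError("unknown client or unregistered redirect_uri")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user)
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def grant_token(self, client_id, client_secret, code, redirect_uri):
        """'Request Access Token' / 'Grant Access Token': swap the code for a
        bearer token. The code is single-use and must match its client."""
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret.encode(), client_secret.encode()):
            raise PermissionError("bad client credentials")
        issued = self.codes.pop(code, None)      # pop: a replayed code finds nothing
        if issued is None or issued[0] != client_id or issued[1] != redirect_uri:
            raise PermissionError("invalid, replayed or mismatched code")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = issued[2]
        return {"access_token": token, "token_type": "Bearer"}

    def resource(self, headers, query):
        """'Access Resources / Profile': take the token from the Authorization
        header or, failing that, from the access_token URI parameter."""
        token = None
        auth = headers.get("Authorization", "")
        if auth.startswith("Bearer "):
            token = auth[len("Bearer "):]
        elif query.get("access_token"):
            token = query["access_token"][0]
        user = self.tokens.get(token) if token else None
        if user is None:
            return 401, {"error": "invalid_token"}
        return 200, {"profile": user}


@dataclass
class Consumer:
    """The app (the Consumer lane): holds its credentials and the pending state."""
    client_id: str
    client_secret: str
    redirect_uri: str
    pending_state: str = ""

    def start(self):
        """'Direct User to Service': mint a random state that ties the later
        redirect back to this login attempt (the anti-CSRF check)."""
        self.pending_state = secrets.token_urlsafe(12)
        return self.pending_state

    def handle_redirect(self, redirect_url, provider):
        """Back at the consumer: verify the state, then exchange the code."""
        params = parse_qs(urlparse(redirect_url).query)
        state = params.get("state", [""])[0]
        if not self.pending_state or not secrets.compare_digest(
                state.encode(), self.pending_state.encode()):
            raise PermissionError("state mismatch: possible CSRF")
        self.pending_state = ""                  # the state is single-use too
        code = params.get("code", [""])[0]
        return provider.grant_token(self.client_id, self.client_secret,
                                    code, self.redirect_uri)


def run_flow():
    """One complete login; returns (token response, header result, query result)."""
    app = Consumer("demo-app", "demo-secret", "https://app.example/cb")
    sp = ServiceProvider({"demo-app": ("demo-secret", "https://app.example/cb")})
    state = app.start()
    redirect = sp.authorize(app.client_id, app.redirect_uri, state, "alice")
    grant = app.handle_redirect(redirect, sp)
    via_header = sp.resource({"Authorization": "Bearer " + grant["access_token"]}, {})
    via_query = sp.resource({}, {"access_token": [grant["access_token"]]})
    return grant, via_header, via_query


if __name__ == "__main__":
    print(run_flow())
```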
36. Log in via PayPal in the browser or a WebView.
37. Yeah, nice.. but why?
People forget passwords… 45% admit to leaving a website instead of resetting their password or answering security questions *
* Blue Inc. 2011
38. Also they hate to register
Out of 657 surveyed users 66% think that social sign-in is a desirable alternative. *
* Blue Inc. 2011
40. Wrap up
- Identity does matter
- Difference between authentication and authorization
- User Experience should be enhanced not impaired