OAuth is an open protocol for delegated API authorization. Instead of handing its username and password to a third-party application, a user grants that application a token, and the application signs each API request with the token and its own consumer credentials. The user can revoke that grant at any time without changing the account password. Many providers have adopted OAuth because it avoids sharing passwords with third-party applications, and OAuth libraries exist for most programming languages to make implementation easier.
If you've ever written any code to authenticate with Twitter, you may have been confused by all the signature methods and base strings. You'll be happy to know that OAuth 2 has vastly simplified the process, but at what cost?
This talk will give an overview of the OAuth 2 spec, starting with the various options the standard gives to developers for building web apps and native apps. We'll look at what the end user sees, work our way to what developers using an OAuth 2 API deal with, and we’ll end up at what developers of OAuth-2-compliant APIs will need to know to successfully implement the standard.
Many large providers have recently deployed APIs using OAuth 2, including Facebook, Foursquare, Google, and more. But since OAuth 2 is technically still a "draft," many aspects of the spec change from month to month and it's sometimes hard to keep up. We'll cover the commonalities and differences between some of the major providers and draft versions. The security implications of some of the changes between versions 1 and 2 will be covered, along with recommendations for best practices. You'll also get a glimpse of the debates currently raging on the internal OAuth 2 mailing list.
Presented at Open Source Bridge 2011
http://opensourcebridge.org/sessions/686
Current list of OAuth 2 Providers
http://aaronparecki.com/The_Current_State_of_OAuth_2
Web Application Security and Release of "WhiteHat Arsenal" - Jeremiah Grossman
Discussion will include the theory surrounding some of the more dangerous web application attacks known, how to test for them quickly and determine possible countermeasures. Insecure and unprotected web applications are the fastest, easiest, and arguably the most utilized route to compromise networks and exploit users. It is for these very reasons that WhiteHat Security Inc., is pleased to introduce its new release, "WhiteHat Arsenal", the next generation of professional web security audit software.
WH Arsenal possesses a powerful suite of GUI-Browser based web security tools. These endowments make WH Arsenal capable of completing painstaking web security pen-test work considerably faster and more effectively than any of the currently available tools. Imagine employing WH Arsenal to quickly customize and execute just about any web security attack possible and having those penetration attempts logged in XML format for later reporting or analysis.
Many experienced web security professionals tend to agree that even the best current web security scanners, which scan only for known vulnerabilities, achieve only very limited success or simply do not work at all. Furthermore, these types of tools often result in an enormous overflow of false positives. WhiteHat understands these frustrating shortcomings and is poised to revolutionize the way in which web applications are penetration tested.
Dart on Arm - Flutter Bangalore June 2021 - Chris Swan
Running Dart on Arm servers, covering the trade offs between JIT and AOT. The dependencies needed for building and running AOT binaries, and how to cross compile Arm binaries.
Open APIs - Risks and Rewards (Øredev 2013) - Nordic APIs
Introducing Open APIs, the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack, and how Twitter's API has been used to analyse Twitter use in Sweden.
Lightning talk from Øredev, 7 November 2013 in Malmö, Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.
In-house OAuth/OIDC Infrastructure as a Competitive Advantage #eic2021 - Tatsuo Kudo
Leading service providers have started developing their software in-house to achieve competitive business advantages. They naturally think that their OAuth 2.0 / OpenID Connect servers could be built in that way, but neither existing IAM software nor IDaaS meet their requirements. This session introduces a new OAuth/OIDC service architecture with agility and controllability. https://www.kuppingercole.com/sessions/4952/2
Enterprise Google Gadgets Integrated with Alfresco - Open Source ECM - Alfresco Software
What are Google Gadgets? What are their benefits to the Enterprise?
How do you develop Google Gadgets? What are WebScripts, and how do they help you integrate Google Gadgets with your Alfresco content repository? Open Source ECM, Java based. www.alfresco.com/about/ondemand <-- View recorded webinar here.
These questions and more are answered in this webinar.
There are severe privacy threats for users of Social Network Sites. If we want to prevent those from materializing, we need to prioritize and deconstruct them. Graduation presentation of David Riphagen.
www.privacyinsocialnetworksites.nl
Comet web applications with Python, Django & Orbited - skam
My own talk @ PyCon Italia 4
Developing "realtime" web applications has never been so easy, thanks to Orbited, an implementation of the "Comet" development model written in Python and JavaScript.
The first part of the talk introduces the subject by showing a range of different techniques, highlighting their merits and defects, and demonstrates how Orbited can be used successfully in this field.
The second part shows the implementation of an application developed with the Django web framework, which the audience can try directly.
Tara Hunt - Your Social Media Strategy Won't Save You - Carsonified Team
Being friendly and helpful on Facebook and Twitter won't make your app succeed. In this valuable session, Tara will explain how to think 'customer centrically', put user happiness first, reward enthusiasts, learn not launch and raise whuffie. She'll also explain the difference between 'Influencers' and 'Enthusiasts' and why it's important to reach the latter. Don't miss it!
How OAuth and portable data can revolutionize your web app - Chris Messina
1. (FOR THE WIN)
OAuth FTW
How OAuth and portable data can
revolutionize your web app
Chris Messina October 10, 2008
Future of Web Apps London, England
2. OAuth |ō| |ôˌθ|
Noun.
An open protocol that allows secure
API authorization in a simple and
standard method from desktop, web
and mobile applications.
25. Brightkite > asks Fire Eagle for a Request Token (request signed with Brightkite's consumer key and secret)
Fire Eagle > returns the Request Token and its secret
26. Brightkite > sends the user to Fire Eagle to authorize Brightkite
Fire Eagle > user authenticates through Yahoo! accounts
27. Fire Eagle > user grants authorization to Brightkite
Fire Eagle > redirects user to the callback URL
28. Brightkite > asks Fire Eagle to exchange the Request Token for an Access Token
Fire Eagle > checks the signature; if valid, returns the Access Token and its secret
...subsequent API requests are signed with this Access Token
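The four-step exchange on slides 25-28, worked through as an added example; this is not code from the talk, from Brightkite or from Fire Eagle. It simulates both parties in one process, signing with HMAC-SHA1 over the OAuth signature base string, and passes the OAuth parameters as a plain dict rather than parsing an Authorization header. The consumer key and secret, the endpoint URLs (.example hosts), the user name and the API response are all constructed. One caveat a practitioner should know: the 2008 flow shown on the slides binds nothing to the callback URL, which is what the session fixation attack disclosed in 2009 exploited. OAuth 1.0a closed it by sending oauth_callback in the request-token step and returning an oauth_verifier that the consumer must present when trading the Request Token in; the example follows 1.0a.

```python
"""Simulated three-legged OAuth 1.0a flow (Brightkite = consumer, Fire Eagle = provider) in one
process. Keys, URLs, user and the API response are constructed for the example."""
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def pct(s):
    """OAuth percent-encoding: only RFC 3986 unreserved characters stay bare."""
    return quote(str(s), safe="")

def base_string(method, url, params):
    """Signature base string: METHOD&enc(url)&enc(sorted, encoded params minus the signature)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    return "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with enc(consumer_secret)&enc(token_secret); at the request-token
    step there is no token secret yet, so the key ends in a bare '&'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()).decode()

class Consumer:
    """Brightkite's side: holds the consumer credentials and signs every request."""
    def __init__(self, key, secret, callback):
        self.key, self.secret, self.callback = key, secret, callback

    def signed(self, method, url, token=None, token_secret="", extra=None):
        params = {"oauth_consumer_key": self.key, "oauth_signature_method": "HMAC-SHA1",
                  "oauth_timestamp": str(int(time.time())), "oauth_nonce": secrets.token_hex(8),
                  "oauth_version": "1.0", **(extra or {})}
        if token:
            params["oauth_token"] = token
        params["oauth_signature"] = sign(method, url, params, self.secret, token_secret)
        return params

class Provider:
    """Fire Eagle's side: knows each consumer's secret, issues and checks tokens."""
    def __init__(self, consumers):
        self.consumers = consumers            # consumer_key -> consumer_secret
        self.request_tokens, self.access_tokens, self.seen_nonces = {}, {}, set()

    def _verify(self, method, url, params, token_secret=""):
        """Recompute the signature; reject bad signatures, stale timestamps and replayed nonces."""
        secret = self.consumers.get(params.get("oauth_consumer_key"))
        if secret is None:
            raise PermissionError("unknown consumer key")
        expected = sign(method, url, params, secret, token_secret)
        if not hmac.compare_digest(params.get("oauth_signature", "").encode(), expected.encode()):
            raise PermissionError("bad signature")          # constant-time comparison
        if abs(time.time() - int(params.get("oauth_timestamp", 0))) > 300:
            raise PermissionError("timestamp outside the accepted window")
        nonce = (params["oauth_consumer_key"], params["oauth_timestamp"], params.get("oauth_nonce"))
        if nonce in self.seen_nonces:
            raise PermissionError("replayed nonce")
        self.seen_nonces.add(nonce)

    def request_token(self, method, url, params):
        """Slide 25: issue a Request Token; the callback URL is bound to it here (1.0a)."""
        self._verify(method, url, params)
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[tok] = {"secret": sec, "consumer": params["oauth_consumer_key"],
                                    "callback": params["oauth_callback"], "verifier": None, "user": None}
        return tok, sec

    def authorize(self, token, user):
        """Slides 26-27: the user has logged in and clicked 'allow'; the provider sends the
        browser to the bound callback carrying a fresh verifier (1.0a)."""
        rt = self.request_tokens[token]
        rt["user"], rt["verifier"] = user, secrets.token_hex(8)
        return rt["callback"], rt["verifier"]

    def access_token(self, method, url, params):
        """Slide 28: exchange an authorized Request Token plus verifier for an Access Token."""
        rt = self.request_tokens.get(params.get("oauth_token"))
        if rt is None or rt["user"] is None:
            raise PermissionError("unknown or unauthorized request token")
        self._verify(method, url, params, rt["secret"])
        if rt["consumer"] != params["oauth_consumer_key"] or rt["verifier"] != params.get("oauth_verifier"):
            raise PermissionError("request token / verifier mismatch")
        del self.request_tokens[params["oauth_token"]]     # request tokens are single-use
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[tok] = {"secret": sec, "consumer": rt["consumer"], "user": rt["user"]}
        return tok, sec

    def api(self, method, url, params):
        """Protected resource: every later call is signed with the Access Token and its secret."""
        at = self.access_tokens.get(params.get("oauth_token"))
        if at is None or at["consumer"] != params.get("oauth_consumer_key"):
            raise PermissionError("unknown access token, or token issued to another consumer")
        self._verify(method, url, params, at["secret"])
        return {"user": at["user"], "location": "Portland, OR"}   # constructed response

def run_flow():
    """Drive slides 25-28 end to end; returns the API result and both parties."""
    fire_eagle = Provider({"brightkite-key": "brightkite-secret"})          # constructed credentials
    brightkite = Consumer("brightkite-key", "brightkite-secret", "https://brightkite.example/oauth/cb")
    rt_url, at_url = "https://fireeagle.example/oauth/request_token", "https://fireeagle.example/oauth/access_token"
    rt, rt_secret = fire_eagle.request_token("POST", rt_url,
        brightkite.signed("POST", rt_url, extra={"oauth_callback": brightkite.callback}))
    callback, verifier = fire_eagle.authorize(rt, user="alice")   # browser round trip, simplified
    at, at_secret = fire_eagle.access_token("POST", at_url,
        brightkite.signed("POST", at_url, rt, rt_secret, {"oauth_verifier": verifier}))
    api_url = "https://fireeagle.example/api/user"
    return fire_eagle.api("GET", api_url, brightkite.signed("GET", api_url, at, at_secret)), fire_eagle, brightkite
```

Two provider-side details matter more than the signing arithmetic. The signature check uses a constant-time comparison and is followed by a timestamp window and a per-consumer nonce set, so a captured request cannot be replayed against the endpoint; and the Request Token is deleted once exchanged, and the Access Token is tied to the consumer that obtained it, so a token leaked from one consumer is useless to another. Real providers receive the oauth_* parameters in an Authorization header or form body, and the base string URL must exclude the query string and default port; both are simplified away here by passing every parameter in the dict.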