SlideShare a Scribd company logo
MULTI-FACTOR AUTHENTICATION
AND STRONG AUTHENTICATION
ABOUT ME
PHILIPPE GAMACHE
HI I’M PHILIPPE
I’m a Developer Evangelist for kuzzle.io.
Long-time internet developer, author,
screen caster, podcaster and speaker. I’m
specializes in PHP, Symfony, Kuzzle,
security, code quality, performance, real
time and geolocation.
• Sécurité PHP 5 et MySQL 5
• OWASP Montreal
• PHP Quebec
• Table Top Game Developer
• Pen & Paper RPG Writer
I'M MISLEADING YOU
THIS IS NOT THE EIFFEL TOWER
WHERE IN LAS VEGAS
EIFFEL TOWER RESTAURANT
AGENDA
• Authentication vs Authorization
• Authentication's Problems
• The solutions
• Strong Authentication
• Solutions for all budgets
AUTHENTICATION VS AUTHORIZATION
• Authentication
• Procedure that verifies the identity of an entity (person, computer ...)
to allow access to resources (systems, networks, applications ...)
• Authorization
• Procedure that allows access to resources only to those authorized to
use.
AUTHORIZATION
AUTHENTICATION'S PROBLEMS
• Accurately identify the entity
• Accurately identify the entity type
• Accessibility
• Broken Password
A SIMPLE LIST
• People use easy to find password
• Easily give their passwords to
strangers
• without reason
• 45 % of woman1
• 10 % of man1
• For a chocolate bar
• 64 % of people1
• 21% have 10+ years old
password2
• 47% have 5+ years old password2
• 73% use duplicated password2
• 54% have 5 or fewer passwords
across the entire life2
• On average, only 6 unique
passwords are used to guard 24
online account2
BROKEN PASSWORD
THE HUMAN FACTOR
1 Infosec Europe Conference 2008
2 TeleSign Customer Account Security Report 2015
– Chris Nickerson - Exotic Liability #37
“In the middle of talking to him, he gives me, is online banking
username and password.”
– Chris Nickerson - Exotic Liability #37
“In the middle of talking to him, he gives me, is online banking
username and password.”
THE SOLUTION
USE SECURITY QUESTIONS?
THE SOLUTION
USE SECURITY QUESTIONS?
THE SOLUTIONS
SIGN THE FORM
<?php
$code = hash_hmac(
'sha256',
json_encode([
$verifierNonce,
$userID,
$expiration->format('Y-m-dTH:i:s')
]),
$tokenSigningKey
]);
THE SOLUTIONS
HTTP://WWW.CAPTCHA.NET/
CAPTCHA
IMAGES
CAPTCHA
HOT OR NOT
GOOGLE RECAPTCHA
HTTPS://WWW.GOOGLE.COM/RECAPTCHA/
GOOGLE RECAPTCHA
HTTPS://WWW.GOOGLE.COM/RECAPTCHA/
FAITHFULLY IDENTIFY THE ENTITY
AND SHOVE THE SECURITY PROBLEM AWAY
STRONG AUTHENTICATION
• Method of computer access control;
• User is granted access;
• After successfully presenting several separate pieces of evidence
MULTI-FACTOR AUTHENTICATION
MULTI-FACTOR AUTHENTICATION
MEMORIAL FACTOR
Memorial factor
MULTI-FACTOR AUTHENTICATION
MEMORIAL FACTOR
Memorial factor
MULTI-FACTOR AUTHENTICATION
MEMORIAL FACTOR
Memorial factor
MULTI-FACTOR AUTHENTICATION
MEMORIAL FACTOR
Memorial factor
MULTI-FACTOR AUTHENTICATION
MEMORIAL FACTOR
Memorial factor
MULTI-FACTOR AUTHENTICATION
MEMORIAL FACTOR
Memorial factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
PHYSICAL FACTOR
Memorial factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
REACTIONAL FACTOR
Memorial factor
Reactional factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
REACTIONAL FACTOR
Memorial factor
Reactional factor
Physical Factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
MATERIAL FACTOR
Memorial factor
Reactional factor
Physical FactorMaterial factor
MULTI-FACTOR AUTHENTICATION
TWO-FACTOR AUTHENTICATION
Memorial factor
Reactional factor
Physical FactorMaterial factor
TWO-FACTOR AUTHENTICATION
EXAMPLES?
Memorial factor
Reactional factor
Physical FactorMaterial factor
SOLUTIONS FOR ALL BUDGETS
PERFECT PAPER PASSWORDS
PERFECT PAPER PASSWORDS
HTTPS://WWW.GRC.COM/PPP.HTM
PERFECT PAPER PASSWORDS
HTTPS://WWW.GRC.COM/PPP.HTM
PERFECT PAPER PASSWORDS
HTTPS://WWW.GRC.COM/PPP.HTM
SOLUTIONS FOR ALL BUDGETS
YUBIKEY
YUBIKEY
HTTP://WWW.YUBICO.COM/PRODUCTS/YUBIKEY/
tgbvgflvvndijcfhftgnnldhgviktivhdvnekehejceh
tgbvgflvvndiknblilkrtbdvflbdhvdvutlblkfuueel
cccccccclildcuhrrhneenjbrrbbnikcvhvbgbcbnvhn
cccccccclildibndgdgihuvdcggthnjrbcujdkujnblv
YUBIKEY
HTTP://WWW.YUBICO.COM/PRODUCTS/YUBIKEY/
SOLUTIONS FOR ALL BUDGETS
OATH OPEN AUTHENTICATION
SOLUTIONS FOR ALL BUDGETS
OATH OPEN AUTHENTICATION
SOLUTIONS FOR ALL BUDGETS
OATH OPEN AUTHENTICATION
https://openauthentication.org
STRONG AUTHENTICATION
• Man-in-the-middle attacks
• Session or cookies thefts
• Data theft if site not protected
• Advance Phishing
DOESN'T PROTECT YOU...
ANY QUESTIONS?
THANK YOU!
If you want to talk more,
feel free to contact me.
http://kuzzle.io
This presentation was created using Keynote. The text
is set in Oswald and Ubuntu. The source code is set in
Ubuntu Mono. The iconography is provided by Keynote,
kuzzle.io and Font Awesome.
Unless otherwise noted, all photographs are used by
permission under a Creative Commons license. Please
refer to the Photo Credits slide for more information.
Copyright ©
This work is licensed under Creative Commons
Attribution-ShareAlike 4.0 International. For uses not
covered under this license, please contact the author.
hello@kuzzle.io
@kuzzleio
Kuzzle
kuzzleio
http://kuzzle.io
Presentation
©
Format_Informations
hello@kuzzle.io
@kuzzleio
philippegamache
joind.in/talk/b21f7
Please visit us at:
PHOTO CREDITS
• Page 3 to 5: By Simeon87 (Own work) [CC BY-SA 3.0 (http://
creativecommons.org/licenses/by-sa/3.0)], via Wikimedia Commons
• Page 11: http://failblog.cheezburger.com/

More Related Content

Similar to Multi Factor Authetification - ZendCon 2017

Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
mdevtalk
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
Francois Marier
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
FIDO Alliance
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
OWASP Kyiv
 
⛳️ Votre API passe-t-elle le contrôle technique ?
⛳️ Votre API passe-t-elle le contrôle technique ?⛳️ Votre API passe-t-elle le contrôle technique ?
⛳️ Votre API passe-t-elle le contrôle technique ?
François-Guillaume Ribreau
 
Threat Modeling 101
Threat Modeling 101Threat Modeling 101
Threat Modeling 101
Atlassian
 
Securing Your BBC Identity
Securing Your BBC IdentitySecuring Your BBC Identity
Securing Your BBC Identity
Marc Littlemore
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain Approach
Sonatype
 
How to get along with HATEOAS without letting the bad guys steal your lunch -...
How to get along with HATEOAS without letting the bad guys steal your lunch -...How to get along with HATEOAS without letting the bad guys steal your lunch -...
How to get along with HATEOAS without letting the bad guys steal your lunch -...
YK Chang
 
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...
David Etue
 
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...
CloudIDSummit
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
Graham Charters
 
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Jason Hong
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by DesignJon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
jonmccoy
 
Ethical hacking for fun and profit
Ethical hacking for fun and profitEthical hacking for fun and profit
Ethical hacking for fun and profit
Florent Batard
 
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal SitesDefense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Pantheon
 
Passwords don't work multifactor controls do!
Passwords don't work   multifactor controls do!Passwords don't work   multifactor controls do!
Passwords don't work multifactor controls do!
FitCEO, Inc. (FCI)
 
Phishcops multifactor-authentication-website-authentication1096
Phishcops multifactor-authentication-website-authentication1096Phishcops multifactor-authentication-website-authentication1096
Phishcops multifactor-authentication-website-authentication1096
Hai Nguyen
 
Trust & UX
Trust & UXTrust & UX
Trust & UX
Michael Le
 
How to improve app business based on data?
How to improve app business based on data?How to improve app business based on data?
How to improve app business based on data?
DevGAMM Conference
 

Similar to Multi Factor Authetification - ZendCon 2017 (20)

Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
Anastasiia Vixentael: 10 things you need to know before implementing cryptogr...
 
Securing the Web without site-specific passwords
Securing the Web without site-specific passwordsSecuring the Web without site-specific passwords
Securing the Web without site-specific passwords
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
 
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
Anastasia Vixentael - Don't Waste Time on Learning Cryptography: Better Use I...
 
⛳️ Votre API passe-t-elle le contrôle technique ?
⛳️ Votre API passe-t-elle le contrôle technique ?⛳️ Votre API passe-t-elle le contrôle technique ?
⛳️ Votre API passe-t-elle le contrôle technique ?
 
Threat Modeling 101
Threat Modeling 101Threat Modeling 101
Threat Modeling 101
 
Securing Your BBC Identity
Securing Your BBC IdentitySecuring Your BBC Identity
Securing Your BBC Identity
 
Continuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain ApproachContinuous Acceleration with a Software Supply Chain Approach
Continuous Acceleration with a Software Supply Chain Approach
 
How to get along with HATEOAS without letting the bad guys steal your lunch -...
How to get along with HATEOAS without letting the bad guys steal your lunch -...How to get along with HATEOAS without letting the bad guys steal your lunch -...
How to get along with HATEOAS without letting the bad guys steal your lunch -...
 
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...
 
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...
CIS13: Is Identity the Answer to the Great Question of Life, the Universe, an...
 
How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?How to get along with HATEOAS without letting the bad guys steal your lunch?
How to get along with HATEOAS without letting the bad guys steal your lunch?
 
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
 
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by DesignJon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
Jon McCoy - AppSec-USA-2014 Hacking C#(.NET) Applications:Defend by Design
 
Ethical hacking for fun and profit
Ethical hacking for fun and profitEthical hacking for fun and profit
Ethical hacking for fun and profit
 
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal SitesDefense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
Defense in Depth - Lessons Learned from Securing over 100,000 Drupal Sites
 
Passwords don't work multifactor controls do!
Passwords don't work   multifactor controls do!Passwords don't work   multifactor controls do!
Passwords don't work multifactor controls do!
 
Phishcops multifactor-authentication-website-authentication1096
Phishcops multifactor-authentication-website-authentication1096Phishcops multifactor-authentication-website-authentication1096
Phishcops multifactor-authentication-website-authentication1096
 
Trust & UX
Trust & UXTrust & UX
Trust & UX
 
How to improve app business based on data?
How to improve app business based on data?How to improve app business based on data?
How to improve app business based on data?
 

More from Philippe Gamache

Cryptographie 101 Pour les programmeurs (PHP)
Cryptographie 101 Pour les programmeurs (PHP)Cryptographie 101 Pour les programmeurs (PHP)
Cryptographie 101 Pour les programmeurs (PHP)
Philippe Gamache
 
Content-Security-Policy 2018.0
Content-Security-Policy 2018.0Content-Security-Policy 2018.0
Content-Security-Policy 2018.0
Philippe Gamache
 
Mentor et votre équipe
Mentor et votre équipeMentor et votre équipe
Mentor et votre équipe
Philippe Gamache
 
Browser Serving Your We Application Security - ZendCon 2017
Browser Serving Your We Application Security - ZendCon 2017Browser Serving Your We Application Security - ZendCon 2017
Browser Serving Your We Application Security - ZendCon 2017
Philippe Gamache
 
Browser Serving Your Web Application Security - Madison PHP 2017
Browser Serving Your Web Application Security - Madison PHP 2017Browser Serving Your Web Application Security - Madison PHP 2017
Browser Serving Your Web Application Security - Madison PHP 2017
Philippe Gamache
 
OWASP Top 10 Proactive Controls 2016 - NorthEast PHP 2017
OWASP Top 10 Proactive Controls 2016 - NorthEast PHP 2017 OWASP Top 10 Proactive Controls 2016 - NorthEast PHP 2017
OWASP Top 10 Proactive Controls 2016 - NorthEast PHP 2017
Philippe Gamache
 
Browser Serving Your Web Application Security - NorthEast PHP 2017
Browser Serving Your Web Application Security - NorthEast PHP 2017Browser Serving Your Web Application Security - NorthEast PHP 2017
Browser Serving Your Web Application Security - NorthEast PHP 2017
Philippe Gamache
 
OWASP Top 10 Proactive Controls 2016 - PHP Québec August 2017
OWASP Top 10 Proactive Controls 2016 - PHP Québec August 2017OWASP Top 10 Proactive Controls 2016 - PHP Québec August 2017
OWASP Top 10 Proactive Controls 2016 - PHP Québec August 2017
Philippe Gamache
 
Kaizen ou l'amélioration continue
Kaizen ou l'amélioration continueKaizen ou l'amélioration continue
Kaizen ou l'amélioration continue
Philippe Gamache
 
Entreprise Security API - OWASP Montreal
Entreprise Security API - OWASP MontrealEntreprise Security API - OWASP Montreal
Entreprise Security API - OWASP Montreal
Philippe Gamache
 
Entreprise Security API - ConFoo 2011
Entreprise Security API - ConFoo 2011Entreprise Security API - ConFoo 2011
Entreprise Security API - ConFoo 2011
Philippe Gamache
 
Strong authetification - ConFoo 2011
Strong authetification - ConFoo 2011Strong authetification - ConFoo 2011
Strong authetification - ConFoo 2011
Philippe Gamache
 
Une application en une heure avec symfony - Collège de Mainsonneuve
Une application en une heure avec symfony - Collège de MainsonneuveUne application en une heure avec symfony - Collège de Mainsonneuve
Une application en une heure avec symfony - Collège de MainsonneuvePhilippe Gamache
 
Laboratoire sécurité : audit de code PHP - Conférence PHP Québec 2009
Laboratoire sécurité : audit de code PHP - Conférence PHP Québec 2009Laboratoire sécurité : audit de code PHP - Conférence PHP Québec 2009
Laboratoire sécurité : audit de code PHP - Conférence PHP Québec 2009
Philippe Gamache
 
One hour application - PHP Quebec Conference 2009
One hour application - PHP Quebec Conference 2009One hour application - PHP Quebec Conference 2009
One hour application - PHP Quebec Conference 2009
Philippe Gamache
 
Une application en deux heure - PHP Québec Janvier 2009
Une application en deux heure - PHP Québec Janvier 2009Une application en deux heure - PHP Québec Janvier 2009
Une application en deux heure - PHP Québec Janvier 2009
Philippe Gamache
 
Audit de code PHP - PHP Code Audit - HackFest.ca 2009
Audit de code PHP - PHP Code Audit - HackFest.ca 2009Audit de code PHP - PHP Code Audit - HackFest.ca 2009
Audit de code PHP - PHP Code Audit - HackFest.ca 2009
Philippe Gamache
 
Auditing and securing PHP applications - FRHACK 2009
Auditing and securing PHP applications - FRHACK 2009Auditing and securing PHP applications - FRHACK 2009
Auditing and securing PHP applications - FRHACK 2009
Philippe Gamache
 

More from Philippe Gamache (18)

Cryptographie 101 Pour les programmeurs (PHP)
Cryptographie 101 Pour les programmeurs (PHP)Cryptographie 101 Pour les programmeurs (PHP)
Cryptographie 101 Pour les programmeurs (PHP)
 
Content-Security-Policy 2018.0
Content-Security-Policy 2018.0Content-Security-Policy 2018.0
Content-Security-Policy 2018.0
 
Mentor et votre équipe
Mentor et votre équipeMentor et votre équipe
Mentor et votre équipe
 
Browser Serving Your We Application Security - ZendCon 2017
Browser Serving Your We Application Security - ZendCon 2017Browser Serving Your We Application Security - ZendCon 2017
Browser Serving Your We Application Security - ZendCon 2017
 
Browser Serving Your Web Application Security - Madison PHP 2017
Browser Serving Your Web Application Security - Madison PHP 2017Browser Serving Your Web Application Security - Madison PHP 2017
Browser Serving Your Web Application Security - Madison PHP 2017
 
OWASP Top 10 Proactive Controls 2016 - NorthEast PHP 2017
OWASP Top 10 Proactive Controls 2016 - NorthEast PHP 2017 OWASP Top 10 Proactive Controls 2016 - NorthEast PHP 2017
OWASP Top 10 Proactive Controls 2016 - NorthEast PHP 2017
 
Browser Serving Your Web Application Security - NorthEast PHP 2017
Browser Serving Your Web Application Security - NorthEast PHP 2017Browser Serving Your Web Application Security - NorthEast PHP 2017
Browser Serving Your Web Application Security - NorthEast PHP 2017
 
OWASP Top 10 Proactive Controls 2016 - PHP Québec August 2017
OWASP Top 10 Proactive Controls 2016 - PHP Québec August 2017OWASP Top 10 Proactive Controls 2016 - PHP Québec August 2017
OWASP Top 10 Proactive Controls 2016 - PHP Québec August 2017
 
Kaizen ou l'amélioration continue
Kaizen ou l'amélioration continueKaizen ou l'amélioration continue
Kaizen ou l'amélioration continue
 
Entreprise Security API - OWASP Montreal
Entreprise Security API - OWASP MontrealEntreprise Security API - OWASP Montreal
Entreprise Security API - OWASP Montreal
 
Entreprise Security API - ConFoo 2011
Entreprise Security API - ConFoo 2011Entreprise Security API - ConFoo 2011
Entreprise Security API - ConFoo 2011
 
Strong authetification - ConFoo 2011
Strong authetification - ConFoo 2011Strong authetification - ConFoo 2011
Strong authetification - ConFoo 2011
 
Une application en une heure avec symfony - Collège de Mainsonneuve
Une application en une heure avec symfony - Collège de MainsonneuveUne application en une heure avec symfony - Collège de Mainsonneuve
Une application en une heure avec symfony - Collège de Mainsonneuve
 
Laboratoire sécurité : audit de code PHP - Conférence PHP Québec 2009
Laboratoire sécurité : audit de code PHP - Conférence PHP Québec 2009Laboratoire sécurité : audit de code PHP - Conférence PHP Québec 2009
Laboratoire sécurité : audit de code PHP - Conférence PHP Québec 2009
 
One hour application - PHP Quebec Conference 2009
One hour application - PHP Quebec Conference 2009One hour application - PHP Quebec Conference 2009
One hour application - PHP Quebec Conference 2009
 
Une application en deux heure - PHP Québec Janvier 2009
Une application en deux heure - PHP Québec Janvier 2009Une application en deux heure - PHP Québec Janvier 2009
Une application en deux heure - PHP Québec Janvier 2009
 
Audit de code PHP - PHP Code Audit - HackFest.ca 2009
Audit de code PHP - PHP Code Audit - HackFest.ca 2009Audit de code PHP - PHP Code Audit - HackFest.ca 2009
Audit de code PHP - PHP Code Audit - HackFest.ca 2009
 
Auditing and securing PHP applications - FRHACK 2009
Auditing and securing PHP applications - FRHACK 2009Auditing and securing PHP applications - FRHACK 2009
Auditing and securing PHP applications - FRHACK 2009
 

Recently uploaded

快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
APNIC
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
GNAMBIKARAO
 
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
dtagbe
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 
How to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdfHow to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdf
Infosec train
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
thezot
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
APNIC
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
Emre Gündoğdu
 

Recently uploaded (12)

快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
 
cyber crime.pptx..........................
cyber crime.pptx..........................cyber crime.pptx..........................
cyber crime.pptx..........................
 
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
一比一原版(uc毕业证书)加拿大卡尔加里大学毕业证如何办理
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 
How to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdfHow to make a complaint to the police for Social Media Fraud.pdf
How to make a complaint to the police for Social Media Fraud.pdf
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
KubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial IntelligentKubeCon & CloudNative Con 2024 Artificial Intelligent
KubeCon & CloudNative Con 2024 Artificial Intelligent
 

Multi Factor Authetification - ZendCon 2017