SlideShare a Scribd company logo

Securing Applications using WSO2 Identity Server and CASQUE

WSO2
WSO2

This deck will explore what is CASQUE SNR, why your business needs to consider CASQUE for authentication, and how to use CASQUE with WSO2 Identity Server. Watch the On-Demand webinar here - https://wso2.com/library/webinars/2019/05/securing-applications-using-wso2-identity-server-and-casque/

Technology
1 of 25
Download to read offline
Securing Applications using WSO2 Identity Server and CASQUE Basil Philipsz - Managing Director, CASQUE Dinali Dabarera - Senior Software Engineer, WSO2
Presenters Basil Philipsz is the founder and CEO of Distributed Management Systems (DMS), a private company owned by its Directors and based in Lancashire, UK. DMS has invented CASQUE – a radical approach to High Assurance Authentication. Dinali Dabarera is passionate about all aspects of Identity and Access Management She has worked in the testing CASQUE with WSO2 Identity Server and done improvements in fine-grain access control in WSO2 Identity Server
Data breaches continue to proliferate. 1,334,488,724 breached records worldwide in April 2019. Running annual total 5.64 billion Monthly average 1.46 billion! (IT Governance)
Why Data Breaches Continue to Proliferate? 1. Existing Authentication Methods are vulnerable 2. Users can easily deny access so feel able to disclose or be complicit 3. Users are ill-disciplined 4. Weakness in IT infrastructure design, implementation and control CASQUE and WSO2 IS can solve [1] and [2]
The Problem Common Out-of-Band Authentication Methods like SMS, Email are weak with OTP only slightly better* Products** exploiting such vulnerabilities are publicly available * NIST Digital Identity Guidelines NIST.SP.800-63b.pdf ** Stingray, Shylock
Vulnerabilities Current multi-factor authentication (MFA) methods have exploitable weaknesses – rely on fixed secrets • Password, Embedded key in SecurID • Private key in PKI infrastructure, Attestation key in FIDO2 • Algorithm and data point used in zero knowledge methods If discovered by hacking, calculated or disclosed by Insiders, the security is bust!
Software Only Authentication - Flawed Do not be beguiled by “transparent” software only methods such User profiling • Users with the most dynamic profiles need the most permissive usage characteristics so making the most privileged users the easiest target. • Would not be certified at High Assurance because it cannot distinguish illegal access - User can always plead the repudiation defence "Someone must have watched my behaviour and got in"
The Solution Solve the weak authentication problem ○ keep changing the secret! But very difficult to implement ○ Indeterminacy ○ Outage & Recovery ○ Replay Attack
Challenge-Response Protocol • User has handheld Token containing a secure chip • Secure chip has EAL 6, FIPS 140-2 Level 3 Assurance The Solution
Challenge-Response Protocol • Dynamic key change • Nothing for a hacker to target or for an insider to disclose • No token clones The Solution
“Remedy” -- keep changing the Secret -- needed 4 inventions! • Granted US & EU patents • NATO approved, in use 24/7 by UK MOD • Certified by NCSC as suitable for Secret * - the only such *https://www.ncsc.gov.uk/products/dms-casque-snr The Solution
Token has many manifestations Different forms for Client and Clientless applications Optical Token Contactless Smartcard Contact Bluetooth Smartcard Surrogate Camera Token USB Token The Solution
The Business Case Digital Transformation: Cloud and Mobile • Who polices the administrators of your Cloud deployment? • Can an Insider reveal access secrets? • Who is liable if a breach occurs? • How is the mobile User authenticated? • Are they authenticated by vulnerable methods?
The Business Case Digital Transformation: Cloud and Mobile • Who controls the Identity Provision? • Can a User or Token be instantly suspended? • Are third parties part of the risk? • Are Tokens reusable?
Federated High Grade Identity & Access Management • Users - not third parties - should own and manage Identity Access. • Need to determine and segregate data that is vital - “Crown Jewels” • Access to the Crown Jewels must have highest Identity Assurance The Business Case
Digital Transformation: Cloud and Mobile Access required from several devices. Challenge presented as QR code - Use Android mobile as “Token Reader”.
The Business Case Federated, High Grade Identity Assurance to a Cloud of Web Application Services
Most Economic way to reduce overall Risk CASQUE ● co-exist with existing security ● Protects the inner keep ● Reduces overall risk
WSO2 Identity Server • Uniquely extensible, open source IAM product optimized for identity federation and single sign-on (SSO) with comprehensive support for adaptive multi-factor authentication and API security. • Helps identity administrators to setup a federated identity management ecosystem and secure access to web/mobile applications & endpoints across on-premises & cloud environments • Unlike open core vendors, WSO2 Identity Server includes the core and all of its extensions under the commercial friendly Apache 2.0 license.
Identity Server - Capabilities ● Identity Federation and SSO ● Identity Bridging ● Adaptive and Strong Authentication ● Account management and Identity Provisioning ● Access Controls ● APIs and Microservices security ● Privacy ● Identity Analytics
Key Benefits of WSO2 Identity Server ● Avoids Vendor lock-in with open source and open standards ● Extensible architecture helps support complex IAM use cases ● Scalable, for deployments of millions of users - 75mn identities managed ● Ecosystem-Friendly, with an identity ecosystem of 40+ extension points/connectors ● Speed integration out-of-the-box support for cloud and on-premise applications, 3rd party authentication systems and social ID providers ● Unique flexibility bridges identities between heterogeneous ID systems ● Low maintenance cost, with a pricing model that’s instance-based
CASQUE SNR Connector - WSO2 Store The CASQUE SNR authenticator allows you to integrate WSO2 Identity Server with CASQUE SNR so that you can use the CASQUE SNR multi-factor authentication technology to authenticate users. https://store.wso2.com/store/assets/isconnector/ details/03fcefc0-9c8e-4c2d-ae61-d0b04563d5 0f
Grant Types Federated Authenticators Local Authenticators ClaimHandlers CASQUE Connector CASQUE Server
Demo Scenario: Login to the API store using CASQUE SNR as the second step in the Authentication flow API Store User Experience with WSO2 Identity server
THANK YOU wso2.com

Recommended

WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
Yenlo
 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case Study
FIDO Alliance
 
Blcok Armour Digital Vault
Blcok Armour Digital VaultBlcok Armour Digital Vault
Blcok Armour Digital Vault
Block Armour
 
WISekey IoT Technologies Presentation
WISekey IoT Technologies PresentationWISekey IoT Technologies Presentation
WISekey IoT Technologies Presentation
Creus Moreira Carlos
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and Right
SBWebinars
 
SafeNet overview 2014
SafeNet overview 2014SafeNet overview 2014
SafeNet overview 2014
Sectricity
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
SafeNet
 
Signify Overview
Signify OverviewSignify Overview
Signify Overview
pjpallen
 

Recommended

WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
Yenlo
 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case Study
FIDO Alliance
 
Blcok Armour Digital Vault
Blcok Armour Digital VaultBlcok Armour Digital Vault
Blcok Armour Digital Vault
Block Armour
 
WISekey IoT Technologies Presentation
WISekey IoT Technologies PresentationWISekey IoT Technologies Presentation
WISekey IoT Technologies Presentation
Creus Moreira Carlos
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and Right
SBWebinars
 
SafeNet overview 2014
SafeNet overview 2014SafeNet overview 2014
SafeNet overview 2014
Sectricity
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
SafeNet
 
Signify Overview
Signify OverviewSignify Overview
Signify Overview
pjpallen
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
robbuddingh
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Lancope, Inc.
 
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Jean-François LOMBARDO
 
Go passwordless with fido2
Go passwordless with fido2Go passwordless with fido2
Go passwordless with fido2
Rob Dudley
 
SafeNet - Data Protection Company
SafeNet - Data Protection CompanySafeNet - Data Protection Company
SafeNet - Data Protection Company
ASBIS SK
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
Maxim Salnikov
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
OWASP Delhi
 
FIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Privacy Principles and Approach
FIDO Privacy Principles and Approach
FIDO Alliance
 
Blockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud Security
Block Armour
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
FIDO Alliance
 
Fido Security Key
Fido Security KeyFido Security Key
Fido Security Key
GoTrust ID
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital Services
FIDO Alliance
 
case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copy
Lee Millington
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
ForgeRock
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
Nok Nok Labs, Inc
 
FIDO Alliance Today: Status and News
FIDO Alliance Today: Status and NewsFIDO Alliance Today: Status and News
FIDO Alliance Today: Status and News
FIDO Alliance
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
Block Armour
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
Mike Schwartz
 
DigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsDigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and Benefits
CodeSigningStore
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
Jim Kaplan CIA CFE
 
Kripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdfKripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdf
langkahgontay88
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
michaelbasoah
 

More Related Content

What's hot

Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
robbuddingh
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Lancope, Inc.
 
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Jean-François LOMBARDO
 
Go passwordless with fido2
Go passwordless with fido2Go passwordless with fido2
Go passwordless with fido2
Rob Dudley
 
SafeNet - Data Protection Company
SafeNet - Data Protection CompanySafeNet - Data Protection Company
SafeNet - Data Protection Company
ASBIS SK
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
Maxim Salnikov
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
OWASP Delhi
 
FIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Privacy Principles and Approach
FIDO Privacy Principles and Approach
FIDO Alliance
 
Blockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud Security
Block Armour
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
FIDO Alliance
 
Fido Security Key
Fido Security KeyFido Security Key
Fido Security Key
GoTrust ID
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital Services
FIDO Alliance
 
case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copy
Lee Millington
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
ForgeRock
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
Nok Nok Labs, Inc
 
FIDO Alliance Today: Status and News
FIDO Alliance Today: Status and NewsFIDO Alliance Today: Status and News
FIDO Alliance Today: Status and News
FIDO Alliance
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
Block Armour
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
Mike Schwartz
 
DigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsDigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and Benefits
CodeSigningStore
 

What's hot (19)

Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
 
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
 
Go passwordless with fido2
Go passwordless with fido2Go passwordless with fido2
Go passwordless with fido2
 
SafeNet - Data Protection Company
SafeNet - Data Protection CompanySafeNet - Data Protection Company
SafeNet - Data Protection Company
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
 
FIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Privacy Principles and Approach
FIDO Privacy Principles and Approach
 
Blockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud Security
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
 
Fido Security Key
Fido Security KeyFido Security Key
Fido Security Key
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital Services
 
case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copy
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
 
FIDO Alliance Today: Status and News
FIDO Alliance Today: Status and NewsFIDO Alliance Today: Status and News
FIDO Alliance Today: Status and News
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
 
DigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsDigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and Benefits
 

Similar to Securing Applications using WSO2 Identity Server and CASQUE

CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
Jim Kaplan CIA CFE
 
Kripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdfKripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdf
langkahgontay88
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
michaelbasoah
 
Identikey
IdentikeyIdentikey
Identikey
VASCO Data Security
 
Webinar hiware
Webinar hiwareWebinar hiware
Webinar hiware
Seokminyoon4
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
Moshe Ferber
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
CloudExpoEurope
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide
Array Networks
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Decisions
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
DevOps.com
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
Rishabh Gupta
 
The user s identities
The user s identitiesThe user s identities
The user s identities
Giuliano Latini
 
Logincat MFA and SSO
Logincat MFA and SSOLogincat MFA and SSO
Logincat MFA and SSO
Rohit Kapoor
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Priyanka Aash
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Symantec Brasil
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
Core Security
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC Miniclusteru
MarketingArrowECS_CZ
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
Moshe Ferber
 
Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892
Risk Crew
 
AL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webAL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_web
Derrick McBreairty
 

Similar to Securing Applications using WSO2 Identity Server and CASQUE (20)

CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Kripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdfKripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdf
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
 
Identikey
IdentikeyIdentikey
Identikey
 
Webinar hiware
Webinar hiwareWebinar hiware
Webinar hiware
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
The user s identities
The user s identitiesThe user s identities
The user s identities
 
Logincat MFA and SSO
Logincat MFA and SSOLogincat MFA and SSO
Logincat MFA and SSO
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC Miniclusteru
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892
 
AL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webAL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_web
 

More from WSO2

Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
WSO2
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
WSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
WSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
WSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
WSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2
 

More from WSO2 (20)

Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 

Recently uploaded

Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Data Hops
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
Javier Junquera
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
Postman
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
saastr
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
marufrahmanstratejm
 

Recently uploaded (20)

Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)GNSS spoofing via SDR (Criptored Talks 2024)
GNSS spoofing via SDR (Criptored Talks 2024)
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
WeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation TechniquesWeTestAthens: Postman's AI & Automation Techniques
WeTestAthens: Postman's AI & Automation Techniques
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Public CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptxPublic CyberSecurity Awareness Presentation 2024.pptx
Public CyberSecurity Awareness Presentation 2024.pptx
 

Securing Applications using WSO2 Identity Server and CASQUE

  • 1. Securing Applications using WSO2 Identity Server and CASQUE Basil Philipsz - Managing Director, CASQUE Dinali Dabarera - Senior Software Engineer, WSO2
  • 2. Presenters Basil Philipsz is the founder and CEO of Distributed Management Systems (DMS), a private company owned by its Directors and based in Lancashire, UK. DMS has invented CASQUE – a radical approach to High Assurance Authentication. Dinali Dabarera is passionate about all aspects of Identity and Access Management She has worked in the testing CASQUE with WSO2 Identity Server and done improvements in fine-grain access control in WSO2 Identity Server
  • 3. Data breaches continue to proliferate. 1,334,488,724 breached records worldwide in April 2019. Running annual total 5.64 billion Monthly average 1.46 billion! (IT Governance)
  • 4. Why Data Breaches Continue to Proliferate? 1. Existing Authentication Methods are vulnerable 2. Users can easily deny access so feel able to disclose or be complicit 3. Users are ill-disciplined 4. Weakness in IT infrastructure design, implementation and control CASQUE and WSO2 IS can solve [1] and [2]
  • 5. The Problem Common Out-of-Band Authentication Methods like SMS, Email are weak with OTP only slightly better* Products** exploiting such vulnerabilities are publicly available * NIST Digital Identity Guidelines NIST.SP.800-63b.pdf ** Stingray, Shylock
  • 6. Vulnerabilities Current multi-factor authentication (MFA) methods have exploitable weaknesses – rely on fixed secrets • Password, Embedded key in SecurID • Private key in PKI infrastructure, Attestation key in FIDO2 • Algorithm and data point used in zero knowledge methods If discovered by hacking, calculated or disclosed by Insiders, the security is bust!
  • 7. Software Only Authentication - Flawed Do not be beguiled by “transparent” software only methods such User profiling • Users with the most dynamic profiles need the most permissive usage characteristics so making the most privileged users the easiest target. • Would not be certified at High Assurance because it cannot distinguish illegal access - User can always plead the repudiation defence "Someone must have watched my behaviour and got in"
  • 8. The Solution Solve the weak authentication problem ○ keep changing the secret! But very difficult to implement ○ Indeterminacy ○ Outage & Recovery ○ Replay Attack
  • 9. Challenge-Response Protocol • User has handheld Token containing a secure chip • Secure chip has EAL 6, FIPS 140-2 Level 3 Assurance The Solution
  • 10. Challenge-Response Protocol • Dynamic key change • Nothing for a hacker to target or for an insider to disclose • No token clones The Solution
  • 11. “Remedy” -- keep changing the Secret -- needed 4 inventions! • Granted US & EU patents • NATO approved, in use 24/7 by UK MOD • Certified by NCSC as suitable for Secret * - the only such *https://www.ncsc.gov.uk/products/dms-casque-snr The Solution
  • 12. Token has many manifestations Different forms for Client and Clientless applications Optical Token Contactless Smartcard Contact Bluetooth Smartcard Surrogate Camera Token USB Token The Solution
  • 13. The Business Case Digital Transformation: Cloud and Mobile • Who polices the administrators of your Cloud deployment? • Can an Insider reveal access secrets? • Who is liable if a breach occurs? • How is the mobile User authenticated? • Are they authenticated by vulnerable methods?
  • 14. The Business Case Digital Transformation: Cloud and Mobile • Who controls the Identity Provision? • Can a User or Token be instantly suspended? • Are third parties part of the risk? • Are Tokens reusable?
  • 15. Federated High Grade Identity & Access Management • Users - not third parties - should own and manage Identity Access. • Need to determine and segregate data that is vital - “Crown Jewels” • Access to the Crown Jewels must have highest Identity Assurance The Business Case
  • 16. Digital Transformation: Cloud and Mobile Access required from several devices. Challenge presented as QR code - Use Android mobile as “Token Reader”.
  • 17. The Business Case Federated, High Grade Identity Assurance to a Cloud of Web Application Services
  • 18. Most Economic way to reduce overall Risk CASQUE ● co-exist with existing security ● Protects the inner keep ● Reduces overall risk
  • 19. WSO2 Identity Server • Uniquely extensible, open source IAM product optimized for identity federation and single sign-on (SSO) with comprehensive support for adaptive multi-factor authentication and API security. • Helps identity administrators to setup a federated identity management ecosystem and secure access to web/mobile applications & endpoints across on-premises & cloud environments • Unlike open core vendors, WSO2 Identity Server includes the core and all of its extensions under the commercial friendly Apache 2.0 license.
  • 20. Identity Server - Capabilities ● Identity Federation and SSO ● Identity Bridging ● Adaptive and Strong Authentication ● Account management and Identity Provisioning ● Access Controls ● APIs and Microservices security ● Privacy ● Identity Analytics
  • 21. Key Benefits of WSO2 Identity Server ● Avoids Vendor lock-in with open source and open standards ● Extensible architecture helps support complex IAM use cases ● Scalable, for deployments of millions of users - 75mn identities managed ● Ecosystem-Friendly, with an identity ecosystem of 40+ extension points/connectors ● Speed integration out-of-the-box support for cloud and on-premise applications, 3rd party authentication systems and social ID providers ● Unique flexibility bridges identities between heterogeneous ID systems ● Low maintenance cost, with a pricing model that’s instance-based
  • 22. CASQUE SNR Connector - WSO2 Store The CASQUE SNR authenticator allows you to integrate WSO2 Identity Server with CASQUE SNR so that you can use the CASQUE SNR multi-factor authentication technology to authenticate users. https://store.wso2.com/store/assets/isconnector/ details/03fcefc0-9c8e-4c2d-ae61-d0b04563d5 0f
  • 23. Grant Types Federated Authenticators Local Authenticators ClaimHandlers CASQUE Connector CASQUE Server
  • 24. Demo Scenario: Login to the API store using CASQUE SNR as the second step in the Authentication flow API Store User Experience with WSO2 Identity server