Security conference sessions

We’re living in a world where both Web developers and end users are increasingly worrying about the security of data. Learn more about the security aspects of Web development here.

3:45pm–5:15pm Monday, 04/20/2015
Location: Salon 1/2
Stephen Teilhet (Synopsys)
Average rating: ***..
(3.00, 5 ratings)
Are you frustrated with the lack of security knowledge available to your team? Do you want to become your team's security expert? This session will start you on that path. You will learn how to set up and run a security code review and penetration test for your team. The focus will be on JavaScript client-side and mobile code, but the concepts can be applied to any type of application.
2:15pm–2:45pm Wednesday, 04/22/2015
Location: Salon 12/13/14/15
Charles Engelke (Google, LLC)
Average rating: ****.
(4.00, 4 ratings)
Cryptography for JavaScript in web browsers has gone mainstream thanks to the new Web Cryptography API. Why was the API needed and how can you use it? This talk will cover use cases, background technology needed, and how to go beyond the basics provided by the API. There will be code: examples for key generation, public key encryption and decryption, and digital signatures and verification.
4:30pm–5:00pm Wednesday, 04/22/2015
Location: Salon 8
Tony Porterfield (Security researcher and advocate)
Average rating: ****.
(4.17, 6 ratings)
Many common web app security problems can be easily observed by users with a browser and free software tools. Using the OWASP App Security Verification Spec (ASVS) as our guide, we will walk through testing techniques and real examples of vulnerabilities observed in web apps. Participants will come away with a set of tests that can be used to survey a site’s security in under 30 minutes.
5:15pm–5:45pm Wednesday, 04/22/2015
Location: Salon 8
Tim Messerschmidt (PayPal + Braintree)
Average rating: ****.
(4.50, 2 ratings)
This talk discusses the security flaws and UX implications of passwords and presents alternative technologies that can offer a mobile-friendly flow. Highlighting authorization and authentication techniques like OAuth and hardware features like Bluetooth LE, it will be of interest to anyone concerned with security and user authentication techniques.