[Apr 15] DevSecOops: bridging software teams & security; Hacking JSON Web Tokens
Details
Please note this is a Hybrid event:
For health reasons, we have a limited number of seats available at the in-person venue, so the event will also be available via a virtual venue link (Remo) and via Twitch.
Joining us in person? When you RSVP, you'll be asked if you're attending in person. It's strictly first come first served, and we'll confirm with you if you're in.
For those that wish to join via the virtual venue, you will be able to talk and network online or chat via Twitch. A link to both will be emailed to attendees prior to the event.
Catering will be provided for in-person and remote participants, with appropriate safety procedures in place to meet health and safety needs.
--------------
The Sydney Identity and Security Meetup is an informal evening open to all. We start with food, drink, and mingling, followed by a talk or two. The evening ends with an optional networking session at a local venue.
We value diversity and operate a strict code of conduct, for the comfort of all our members.
## DevSecOops -- Louis Cremen
This talk helps bridge the gap between Developers and Security. One group is moving fast and building the next big thing for an organisation, while the other is desperately trying to organise and secure everything and hold it all together. How can these diametrically opposed groups work together? Come listen and find out what your organisation can use and take advantage of to make your software teams more secure.
Louis is a developer turned security professional and is currently one of the Cyber Security trainers for DDLS, where he teaches the official courses for CISSP, CISM, CSSLP, Certified Ethical Hacker and Security+ across Australia and overseas.
As a developer and security contractor, Louis has worked for federal and international government agencies, banks, private and local businesses to help build and secure new and existing projects.
Louis loves "doing and teaching": he has run courses for 10 years, lectured at the University of Wollongong, and can regularly be seen giving talks at Meetups and conferences.
## Hacking JSON Web Tokens -- Ben Dechrai
In the world of authentication and authorisation, you might have heard of JWTs, or JSON Web Tokens, which are used to encapsulate a user's identity or to convey to another system information that defines which actions may be performed.
They are secure; they're signed; they're the best thing since sliced bread!
So you've adopted them into your applications, and feel much safer. The chances that things will go wrong are slim. Right?
This talk will introduce the ways in which JWT implementations can go wrong, together with live demos, and take you on a journey to understand how to make sure you can trust these handy payloads in your applications and APIs.
Ben Dechrai is a technologist with a strong focus on security and privacy. At 11 years old he wrote software to stop his parents from breaking the family PC, and now he works as a developer advocate for Auth0. He enjoys helping developers find the joy of problem solving and experimentation, and can be found on Twitter and Instagram at @bendechrai.
## Sponsors
This meetup is supported and catered by Auth0 (https://auth0.com) and Snyk (https://snyk.io).
