Building secure web applications


Details
Speakers:
• 18:00 Welcome with drinks and food
• 18:30 - 18:35 JSBe introduction
• 18:35 - 19:20 Philippe De Ryck
What do you mean, “Front End Security”?
While the separation of concerns between front end and back end is a positive evolution, it has also resulted in front end developers mainly considering security to be a back end responsibility. In this talk, I demonstrate with practical attacks that this popular belief is wrong in so many ways. We will also review a few security best practices that should not be considered optional anymore.
Bio:
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the iMinds-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program. This training program ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners, enabling them to build better and more secure applications.
• 19:20 - 19:30 Break
• 19:30 - 20:15 Chris Adriaensen
The Hitchhiker’s Guide to the Land of OAuth
OAuth has become a central security component with respect to a modern REST-based architecture - and several extensions have since been developed, like JWT, OpenID Connect and UMA, to provide broader coverage. Both server and client development need a good understanding of these concepts to guarantee end-to-end security. In this talk Chris will guide us through the current landscape of OAuth and zoom in on mature (like JWT and OpenID Connect) and emerging extensions (like UMA and Proof of Possession) - but also on how to interface with a SOAP-based architecture (like SAML). Don’t forget to bring a towel - but what about silver shoes?
Bio:
Chris has been passionate about digital identity, privacy and security for about 10 years now. Upon receiving his Master’s degree in Computer Science Engineering at the University of Leuven (KUL) he was presented with the opportunity to lead an interesting new start-up in Eindhoven focused on mobile technology. Later on he became part of a global team of identity and privacy architects at Verizon, formerly Cybertrust // Ubizen, and as such got involved with various strategic initiatives for governments and multi-nationals. Currently aboard open-source identity and privacy platform provider ForgeRock, revived out of Sun Microsystems, he enjoys enabling organisations through effective use of identity and privacy technologies.
LinkedIn: https://be.linkedin.com/in/chrisadriaensen | Twitter: @chrisadriaensen
We are still looking for:
• Future speakers
• Future venues
We hope to see you there!
