Security Engineering: OSS dependencies exploits and secure JWTs

Welcome to the third Nulab Developers Tech Talks edition!
This event will be dedicated to Security in Software Engineering and to the practices that help us write and maintain secure and vulnerability-free code. Our honorary guests are Philippe De Ryck and Brian Vermeer.

Philippe is the founder of Pragmatic Web Security (https://pragmaticwebsecurity.com/), where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.

Brian is a Developer Advocate for Snyk (https://snyk.io/) and Software Engineer with over 10 years of hands-on experience in creating and maintaining software. He is passionate about Java, (Pure) Functional Programming and Cybersecurity. He is an Oracle Groundbreaker Ambassador and regular international speaker on mostly Java-related conferences like JavaOne, Oracle Code One, Devoxx BE, Devoxx UK, Jfokus, JavaZone and many more. Besides all that Brian is a military reserve for the Royal Netherlands Air Force and a Taekwondo Master / Teacher.

****** SESSIONS *********************************************

THE PARTS OF JWT SECURITY NOBODY TALKS ABOUT

• Philippe De Ryck-

JSON Web Tokens (JWT) have become the de facto standard to transfer application claims between the client and the server. By design, they incorporate the use of signatures to ensure the integrity of the data. However, merely signing the data alone is not enough to guarantee security.

In this talk, we zoom into the security properties of JWTs. After introducing the different signature schemes, we dive into the hard parts nobody talks about. How do you manage and identify the keys used for the signature? How do you handle key rotation? And what about encrypting JWTs? This talk answers all these questions. You will walk away with a set of best practices for adequately securing JWTs.

LIVE EXPLOITING YOUR OPEN SOURCE DEPENDENCIES

• Brian Vermeer-

Today, almost all software heavily relies on the use of third-party dependencies. While open source modules are undoubtedly awesome, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. Including the wrong package can introduce severe vulnerabilities, exposing your application and your user’s data.

We’ll look at examples in the wild that have been exposed, some more famously than others, before showing you how to guard against these important security issues.

SCHEDULE***************************************

17:30 - Doors open. Some healthy snacks & drinks will be waiting for you
17:55 - Welcome
18:00 - Philippe De Ryck
THE PARTS OF JWT SECURITY NOBODY TALKS ABOUT
18:45 - Break
19:00 - Brian Vermeer
LIVE EXPLOITING YOUR OPEN SOURCE DEPENDENCIES
20:00 - Drinks & Goodbye

***************************************************************

!! IMPORTANT !!
Please note that we are bound by the venue rules to allow entry only based on a valid form of identification, so please make sure you have one with you.

This event, just like all Nulab Developers initiatives, falls under the rules of our Code of Conduct (https://www.meetup.com/Nulab-Techtalks-AMS/pages/27553964/Code_of_Conduct/)