OWASP Ottawa Feb 19th 2025: Are We Leak-Free Yet? Securing Production App Secrets
Details
Welcome to our in-person Meetup at the University of Ottawa
In-Person Location:
150 Louis-Pasteur Private, Ottawa,
University of Ottawa
Room 117
We will continue to live stream on our YouTube channel (https://www.youtube.com/@OWASP_Ottawa). Subscribe to our YouTube channel, set a reminder, and you’ll get a notification as soon as we go live!
YouTube Live Stream Link: https://www.youtube.com/watch?v=Y5mPVaHEKKA
6:00 PM EST Arrival, setup, mingle, PIZZA!!!
6:30 PM EST Technical Talks
- Introduction to OWASP Ottawa, Public Announcements.
- "Are We Leak-Free Yet? Securing Production App Secrets" with Robert Babaev
Abstract:
A month or so ago, I was fiddling with ways of getting secret values (API keys, database URLs, etc.) into an application without leaking them. This talk will go over that journey, and how complicated it actually can be to get zero-leak secret injection in web apps, namely those using Docker Compose and Docker Swarm. Considerations for client-side secrets, server-side secrets, and more! Demos include showcasing source code, and possibly spooling up Docker containers and/or building web applications on a local environment. Likely pre-recorded.
Speakers:
Robert Babaev is a recent graduate of Carleton University with an Honours Bachelor of Computer Science, specializing in Computer and Internet Security. He has done multiple internships at major Canadian cyber companies like Barracuda Networks and Software Secured, research into authentication and access control frameworks, and competed internationally in Athens and Prague in competitions through CyberSci. Robert also regularly engages in side projects including CourseFull, an app built to help students track their academic goals without the guesswork.




