Lockdown Security (Online)

For May we're going to be online again for our meetup.

It's going to be a bit different, but we've still got two great talks and we'll get things set up so people can chat too.
We're going to be using Zoom for the event - the link will be added a couple of days beforehand

So grab your own pizza and a drink and join us for an evening of informative security talks.

A big thanks to our sponsors SR2 (https://www.sr2rec.co.uk/), Ents24 (http://www.ents24.com/), Brightpearl (http://www.brightpearl.com/), BookingLive (https://www.bookinglive.com/) & OneSub (https://onesub.io/) who are supporting us and are helping make the virtual event happen.

This month's talks are:

• Don’t Fear The OAuth
  Ian Littman (@iansltx)

Don’t know the difference between a grant type and an auth code? Know the difference but not sure how to implement OAuth 2.0 in your own application? In this talk I’ll start with OAuth 2.0 basics, then jump into implementation details using The PHP League’s oauth2-server library.

• Hansel & Gretel do TLS
  Marcus Bointon (@synchrom)

Effective encryption is a vital component of a safe and secure internet, especially since the arrival of HTTP/2. Many sites and mobile apps still don’t use TLS to encrypt their traffic, often citing some kind of fear over the complexity of it all, or if they do, they make a mess of it, resulting in a literal false sense of security.

The basics of TLS encryption are straightforward, but the practical realities run into a bewildering forest of acronyms. This talk gives you a breadcrumb trail through the backwoods of TLS, OCSP, ECDHE, ALPN, HTTP/2, HSTS, HPKP, CT, and more, including the latest changes in TLS 1.3.

You’ll get an overview of what problems TLS solves, how it works, its component pieces, how they fit together, where vulnerabilities and mitigations apply, and what tools and resources can help you get up to speed.

--

Unfortunately we can't head anywhere afterwards for a drink, but we'll keep the chat going so that you can chat with each other.

You can also join us in Slack any time, just head to https://slack.phpsw.uk

Your first time coming to PHPSW? Welcome!

It's going to be a bit different this month as we're all online, but we expect the night to roughly run as:

• From about 6:45 you should be able to join the event.
• At 7pm, we'll do a quick welcome talk and some community announcements
• At ~7:10pm we'll have our first talk
• After our first talk, there's a small break whilst we switch over speakers
• At ~8:10pm We have our second talk
• We finish at ~9pm, but will keep chat going for up to a couple of hours or until

--
How is this online thing going to work?

We've decided to use Zoom to host the event. We're aware of some of the concerns about it, but we were struggling to find a perfect solution.
We wanted something that was friction free to join (no registration), allowed for some control over chat, but was also something people were familiar with.

You'll find the link for the webinar under the location section of this event from a couple of days before. You'll be able to access the event from the start time and it will prompt you to install a client if you wish/need to. There is also a web client available.
On joining you will be asked for an email address. We're not messaging attendees etc. so this can be a non-real address.

Note: We will be restricting video and screen sharing to hosts and speakers only.

Please be aware that our code of conduct (https://phpsw.uk/code-of-conduct) still applies.

--
As always, a big thanks to our meetup sponsors Ents24 (http://www.ents24.com/), Brightpearl (http://www.brightpearl.com/), BookingLive (https://www.bookinglive.com/) & OneSub (https://onesub.io/) without whom we wouldn't be able to put on our meetups.