SlideShare una empresa de Scribd logo

Two-Factor Web Auth with Bookmark BeamAuth

B
Ben Adida
Tecnología
1 de 59
Descargar para leer sin conexión
BeamAuth Two-Factor Web Auth with a Bookmark Ben Adida Harvard University CCS 2007 – Alexandria, VA 30 October 2007
Can we improve web security without upgrading the browser?
Sad State of Web Auth
Sad State of Web Auth
Sad State of Web Auth
Sad State of Web Auth
SSO makes things worse
SSO makes things worse
SSO makes things worse
SSO makes things worse
SSO makes things worse
Update the Browser - Dynamic Security Skins [DT2005] secure password-based key exchange new browser chrome to auth web site. - PwdHash [RJMBM2005] domain-specific password pre-processing. - MS CardSpace change the entire auth infrastructure built into the operating system.
Can We Do Something Now?
Can We Do Something Now? HTTP
Can We Do Something Now? HTML & JavaScript HTTP
Can We Do Something Now? Application Code HTML & JavaScript HTTP
Can We Do Something Now? Application Code HTML & JavaScript HTTP
Can We Do Something Now? - The web is a (limited) platform Application Code HTML & JavaScript HTTP
Can We Do Something Now? - The web is a (limited) platform Application Code - Can we build better security in the application layer? HTML & JavaScript HTTP
Can We Do Something Now? - The web is a (limited) platform Application Code - Can we build better security in the application layer? HTML & JavaScript - Maybe by hijacking certain HTTP features for security purposes? (Active Cookies, Subspace, ...)
Can We Do Something Now? - The web is a (limited) platform Application Code - Can we build better security in the application layer? HTML & JavaScript - Maybe by hijacking certain HTTP features for security purposes? (Active Cookies, Subspace, ...) Goal: preventing easy phishing
The General Idea Setup Phase Login Phase
The General Idea Setup OpenID Phase Server Alice Login Phase
The General Idea Setup proof of identity OpenID Phase Server Alice Login Phase
The General Idea Setup proof of identity OpenID Phase Server Alice token Login Phase
The General Idea Setup proof of identity OpenID Phase Server Alice token Login Click Your BeamAuth Phase Login Button
The General Idea Setup proof of identity OpenID Phase Server Alice token Login Click Your BeamAuth Phase Login Button
The General Idea Setup proof of identity OpenID Phase Server Alice token Username benadida Login Click Your Password BeamAuth Phase Login Button log in
The General Idea Setup proof of identity OpenID Phase Server Alice token Username benadida Login Click Your Password BeamAuth Phase ********** Login Button log in log in
The General Idea Setup proof of identity OpenID Phase Server Alice token Username benadida Login Click Your Welcome, Password BeamAuth Phase Ben Adida. ********** Login Button log in log in
Let’s Build this Button!
Let’s Build this Button! - Browser add-on not an easy solution for most users complexity of add-on across browsers significant trust delegated to the login site
Let’s Build this Button! - Browser add-on not an easy solution for most users complexity of add-on across browsers significant trust delegated to the login site - Bookmark Delicious, etc. use bookmarks as buttons can we do the same for security? BookMark Auth = BM Auth = BeamAuth
JavaScript Bookmarks
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location);
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’);
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’);
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’); javascript: if (document.location.hostname == ‘myopenid.com’){ beamauth_token(‘x737csd23’); }
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’); javascript: if (document.location.hostname == ‘myopenid.com’){ beamauth_token(‘x737csd23’); }
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’); javascript: if (document.location.hostname == ‘myopenid.com’){ beamauth_token(‘x737csd23’); } Cannot trust the JavaScript Computing Base
The URL Fragment Identifier http://site.com/page#paragraph
The URL Fragment Identifier http://site.com/page#paragraph - used to designate a portion of a page browser scrolls to the appropriate location.
The URL Fragment Identifier http://site.com/page#paragraph - used to designate a portion of a page browser scrolls to the appropriate location. - never sent over the network but accessible from JavaScript
The URL Fragment Identifier http://site.com/page#paragraph - used to designate a portion of a page browser scrolls to the appropriate location. - never sent over the network but accessible from JavaScript - navigation between fragments does not cause a page reload.
Fragment in a Bookmark http://login.com/login#[benadida|8x34202]
Fragment in a Bookmark http://login.com/login#[benadida|8x34202] var hash = document.location.hash; if (hash != ‘’) { // parse the hash, get username and token process_beamauth_hash(hash); // clear the hash from the URL document.location.replace(‘/login’); }
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
Attacks - Trick User into Not Clicking Bookmark password compromised, token safe. - Lock User into Site password compromised, token safe. - Maliciously Replace Bookmark password compromised, token safe. - Pharming all compromised. - “Drag-and-Drop” Attack all compromised on Firefox.
Comparison to Long-Lasting Cookies - Second-channel setup – though long- lasting cookies could do the same thing there. - Synchronization across browsers using existing bookmark-sync tools. - Better behavior for non-SSL sites
BeamAuth: Summary - Bookmark as second authentication factor - Token delivered via a separate channel (email) - Use the fragment identifier to store token - Tweaked Login Ritual: whisk users to safety
Can we do more? - The fragment identifier might be used for more tricks. - JavaScript bookmarks may be useful for security. - Security in the app layer: help evolve the browser platform without anticipating all security requirements. generalize concept of site-specific extension?
Questions? ben@eecs.harvard.edu http://ben.adida.net/projects/beamauth/

Recomendados

New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)We4IT Group
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLGabriella Davis
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
ISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onGabriella Davis
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101Mike Schwartz
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 

Recomendados

New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)We4IT Group
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLGabriella Davis
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
ISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onGabriella Davis
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101Mike Schwartz
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CloudIDSummit
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 
Web Components for Microservices and IoT
Web Components for Microservices and IoTWeb Components for Microservices and IoT
Web Components for Microservices and IoTChris Lorenzo
 
Web Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotWeb Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotJeremiah Grossman
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using ClaimsVolkan Uzun
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign Onleastprivilege
 
Secure Voting
Secure VotingSecure Voting
Secure VotingBen Adida
 
NJEA Podcasting Workshop
NJEA Podcasting WorkshopNJEA Podcasting Workshop
NJEA Podcasting Workshopheinricb
 
Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Karmen Blake
 
Global connections in the classroom
Global connections in the classroomGlobal connections in the classroom
Global connections in the classroomheinricb
 
What is Ruby on Rails?
What is Ruby on Rails?What is Ruby on Rails?
What is Ruby on Rails?Karmen Blake
 
Ettc Workshop Using A Prs System
Ettc Workshop Using A Prs SystemEttc Workshop Using A Prs System
Ettc Workshop Using A Prs Systemheinricb
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit VotingBen Adida
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
How LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APIHow LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APILinkedIn
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...André Goliath
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Jorgen Thelin
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108
 
Security Cas And Open Id
Security Cas And Open IdSecurity Cas And Open Id
Security Cas And Open IdConSanFrancisco123
 

Más contenido relacionado

La actualidad más candente

CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CloudIDSummit
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 
Web Components for Microservices and IoT
Web Components for Microservices and IoTWeb Components for Microservices and IoT
Web Components for Microservices and IoTChris Lorenzo
 
Web Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotWeb Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotJeremiah Grossman
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using ClaimsVolkan Uzun
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign Onleastprivilege
 

La actualidad más candente (6)

CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential Management
 
Web Components for Microservices and IoT
Web Components for Microservices and IoTWeb Components for Microservices and IoT
Web Components for Microservices and IoT
 
Web Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotWeb Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security Forgot
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using Claims
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign On
 

Destacado

Secure Voting
Secure VotingSecure Voting
Secure VotingBen Adida
 
NJEA Podcasting Workshop
NJEA Podcasting WorkshopNJEA Podcasting Workshop
NJEA Podcasting Workshopheinricb
 
Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Karmen Blake
 
Global connections in the classroom
Global connections in the classroomGlobal connections in the classroom
Global connections in the classroomheinricb
 
What is Ruby on Rails?
What is Ruby on Rails?What is Ruby on Rails?
What is Ruby on Rails?Karmen Blake
 
Ettc Workshop Using A Prs System
Ettc Workshop Using A Prs SystemEttc Workshop Using A Prs System
Ettc Workshop Using A Prs Systemheinricb
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit VotingBen Adida
 

Destacado (7)

Secure Voting
Secure VotingSecure Voting
Secure Voting
 
NJEA Podcasting Workshop
NJEA Podcasting WorkshopNJEA Podcasting Workshop
NJEA Podcasting Workshop
 
Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Get Going With RVM and Rails 3
Get Going With RVM and Rails 3
 
Global connections in the classroom
Global connections in the classroomGlobal connections in the classroom
Global connections in the classroom
 
What is Ruby on Rails?
What is Ruby on Rails?What is Ruby on Rails?
What is Ruby on Rails?
 
Ettc Workshop Using A Prs System
Ettc Workshop Using A Prs SystemEttc Workshop Using A Prs System
Ettc Workshop Using A Prs System
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit Voting
 

Similar a Two-Factor Web Auth with Bookmark BeamAuth

Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
How LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APIHow LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APILinkedIn
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...André Goliath
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Jorgen Thelin
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFEPrabath Siriwardena
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01Paul Madsen
 
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Amazon Web Services
 
Web 2.0 security woes
Web 2.0 security woesWeb 2.0 security woes
Web 2.0 security woesSensePost
 
Word press, the automated way
Word press, the automated wayWord press, the automated way
Word press, the automated wayMichaël Perrin
 
Building Voice Controls and Integrating with Automation Actions on an IoT Net...
Building Voice Controls and Integrating with Automation Actions on an IoT Net...Building Voice Controls and Integrating with Automation Actions on an IoT Net...
Building Voice Controls and Integrating with Automation Actions on an IoT Net...Intel® Software
 
Mist.io @ AWSUGGR
Mist.io @ AWSUGGRMist.io @ AWSUGGR
Mist.io @ AWSUGGRunweb.me
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
Intro to Wordpress Security
Intro to Wordpress SecurityIntro to Wordpress Security
Intro to Wordpress SecurityChris Dodds
 

Similar a Two-Factor Web Auth with Bookmark BeamAuth (20)

Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
How LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APIHow LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an API
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSO
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
 
Security Cas And Open Id
Security Cas And Open IdSecurity Cas And Open Id
Security Cas And Open Id
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFE
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01
 
Dial2Do API
Dial2Do APIDial2Do API
Dial2Do API
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
 
Web 2.0 security woes
Web 2.0 security woesWeb 2.0 security woes
Web 2.0 security woes
 
Word press, the automated way
Word press, the automated wayWord press, the automated way
Word press, the automated way
 
Building Voice Controls and Integrating with Automation Actions on an IoT Net...
Building Voice Controls and Integrating with Automation Actions on an IoT Net...Building Voice Controls and Integrating with Automation Actions on an IoT Net...
Building Voice Controls and Integrating with Automation Actions on an IoT Net...
 
Mist.io @ AWSUGGR
Mist.io @ AWSUGGRMist.io @ AWSUGGR
Mist.io @ AWSUGGR
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Intro to Wordpress Security
Intro to Wordpress SecurityIntro to Wordpress Security
Intro to Wordpress Security
 

Más de Ben Adida

Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X OverviewBen Adida
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppBen Adida
 
Indivo X Hospital Connectivity
Indivo X Hospital ConnectivityIndivo X Hospital Connectivity
Indivo X Hospital ConnectivityBen Adida
 
Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable votingBen Adida
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable ElectionsBen Adida
 
Cryptography and Voting
Cryptography and VotingCryptography and Voting
Cryptography and VotingBen Adida
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsBen Adida
 
Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security OverviewBen Adida
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingBen Adida
 

Más de Ben Adida (9)

Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X Overview
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health App
 
Indivo X Hospital Connectivity
Indivo X Hospital ConnectivityIndivo X Hospital Connectivity
Indivo X Hospital Connectivity
 
Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable voting
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable Elections
 
Cryptography and Voting
Cryptography and VotingCryptography and Voting
Cryptography and Voting
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
 
Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security Overview
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit Voting
 

Último

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Último (20)

Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

Two-Factor Web Auth with Bookmark BeamAuth