There's a huge amount of information to absorb when it comes to web security but as broad as the discipline is, there are common patterns to look for. In this talk on the "essentials" of web security, we'll look beyond the headlines of commonly discussed risks and delve into details and demonstrations. It's a very practical look at online security in a way that everyone can absorb and take back to their everyday work with them. Many of the demos use real world websites and data breaches as examples – this is a very "real world" talk about the importance of web security.
Experiences and practical takeaways from working on security, operations and data digging at one of Norway's most popular news publications: how we've handled DDoS threats, massive attacks and secure communications, and how we do our day-to-day work in a secure way.
We can learn a huge amount about security by reviewing the failures of those who have come before us. In maintaining the data breach notification service "Have I been pwned?", I've dealt with literally hundreds of millions of breached records over time and have seen some fascinating things. In this talk we'll look at the patterns used by organisations that suffered data breaches, the types of data that were exposed and the things they could have done to protect themselves from malicious actors.
In this day and age, cryptography is becoming more important than ever. However, there are many mistakes we can make when adding cryptographic functions to our applications. We'll look at some common misconceptions about cryptography, some mistakes developers make and how these can be exploited, and finally how to fix the problems.