Fixing authentication and authorization
Crash course in how authentication and authorization go bad, and what we can do to fix them...
There is too little talk about proper authentication (AuthN) and authorization (AuthZ) practices, especially in cloud native environments, where a very common problem developers face is how to build authentication and authorization into their application. The latest OWASP Top 10 for 2017 ranks those bug classes at #2 and #5 of the top 10 list. Exploiting those bugs is quite simple, and the consequences are usually what we read about on the front pages of various tech news sites.
Some topics we will cover in this talk are:
* How attackers most commonly exploit AuthN / AuthZ
* How to properly implement AuthN and 2FA (and why you should care)
* How to properly implement AuthZ and distributed AuthZ in a policy-as-code fashion
> Skill level: intermediate
> Duration: 45 min
Tonimir Kišasondi is the founder of Oru (www.oru.hr), a boutique information security consultancy from Varaždin, Croatia. In his spare time, he’s involved with the OWASP project where he leads the Croatia chapter and contributes to various open source tools. His professional and research area of interest is security architecture, application security, security testing/analysis and applied cryptography.