SlideShare uma empresa Scribd logo

Two-Factor Web Auth with Bookmark BeamAuth

B
Ben Adida
Tecnologia
1 de 59
Baixar para ler offline
BeamAuth Two-Factor Web Auth with a Bookmark Ben Adida Harvard University CCS 2007 – Alexandria, VA 30 October 2007
Can we improve web security without upgrading the browser?
Sad State of Web Auth
Sad State of Web Auth
Sad State of Web Auth
Sad State of Web Auth
SSO makes things worse
SSO makes things worse
SSO makes things worse
SSO makes things worse
SSO makes things worse
Update the Browser - Dynamic Security Skins [DT2005] secure password-based key exchange new browser chrome to auth web site. - PwdHash [RJMBM2005] domain-specific password pre-processing. - MS CardSpace change the entire auth infrastructure built into the operating system.
Can We Do Something Now?
Can We Do Something Now? HTTP
Can We Do Something Now? HTML & JavaScript HTTP
Can We Do Something Now? Application Code HTML & JavaScript HTTP
Can We Do Something Now? Application Code HTML & JavaScript HTTP
Can We Do Something Now? - The web is a (limited) platform Application Code HTML & JavaScript HTTP
Can We Do Something Now? - The web is a (limited) platform Application Code - Can we build better security in the application layer? HTML & JavaScript HTTP
Can We Do Something Now? - The web is a (limited) platform Application Code - Can we build better security in the application layer? HTML & JavaScript - Maybe by hijacking certain HTTP features for security purposes? (Active Cookies, Subspace, ...)
Can We Do Something Now? - The web is a (limited) platform Application Code - Can we build better security in the application layer? HTML & JavaScript - Maybe by hijacking certain HTTP features for security purposes? (Active Cookies, Subspace, ...) Goal: preventing easy phishing
The General Idea Setup Phase Login Phase
The General Idea Setup OpenID Phase Server Alice Login Phase
The General Idea Setup proof of identity OpenID Phase Server Alice Login Phase
The General Idea Setup proof of identity OpenID Phase Server Alice token Login Phase
The General Idea Setup proof of identity OpenID Phase Server Alice token Login Click Your BeamAuth Phase Login Button
The General Idea Setup proof of identity OpenID Phase Server Alice token Login Click Your BeamAuth Phase Login Button
The General Idea Setup proof of identity OpenID Phase Server Alice token Username benadida Login Click Your Password BeamAuth Phase Login Button log in
The General Idea Setup proof of identity OpenID Phase Server Alice token Username benadida Login Click Your Password BeamAuth Phase ********** Login Button log in log in
The General Idea Setup proof of identity OpenID Phase Server Alice token Username benadida Login Click Your Welcome, Password BeamAuth Phase Ben Adida. ********** Login Button log in log in
Let’s Build this Button!
Let’s Build this Button! - Browser add-on not an easy solution for most users complexity of add-on across browsers significant trust delegated to the login site
Let’s Build this Button! - Browser add-on not an easy solution for most users complexity of add-on across browsers significant trust delegated to the login site - Bookmark Delicious, etc. use bookmarks as buttons can we do the same for security? BookMark Auth = BM Auth = BeamAuth
JavaScript Bookmarks
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location);
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’);
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’);
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’); javascript: if (document.location.hostname == ‘myopenid.com’){ beamauth_token(‘x737csd23’); }
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’); javascript: if (document.location.hostname == ‘myopenid.com’){ beamauth_token(‘x737csd23’); }
JavaScript Bookmarks javascript:document.location=‘http://del.icio.us/ add?u=’ + encodeURIComponent(document.location); javascript:beamauth_token(‘x737csd23’); javascript: if (document.location.hostname == ‘myopenid.com’){ beamauth_token(‘x737csd23’); } Cannot trust the JavaScript Computing Base
The URL Fragment Identifier http://site.com/page#paragraph
The URL Fragment Identifier http://site.com/page#paragraph - used to designate a portion of a page browser scrolls to the appropriate location.
The URL Fragment Identifier http://site.com/page#paragraph - used to designate a portion of a page browser scrolls to the appropriate location. - never sent over the network but accessible from JavaScript
The URL Fragment Identifier http://site.com/page#paragraph - used to designate a portion of a page browser scrolls to the appropriate location. - never sent over the network but accessible from JavaScript - navigation between fragments does not cause a page reload.
Fragment in a Bookmark http://login.com/login#[benadida|8x34202]
Fragment in a Bookmark http://login.com/login#[benadida|8x34202] var hash = document.location.hash; if (hash != ‘’) { // parse the hash, get username and token process_beamauth_hash(hash); // clear the hash from the URL document.location.replace(‘/login’); }
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
The BeamAuth Ritual
Attacks - Trick User into Not Clicking Bookmark password compromised, token safe. - Lock User into Site password compromised, token safe. - Maliciously Replace Bookmark password compromised, token safe. - Pharming all compromised. - “Drag-and-Drop” Attack all compromised on Firefox.
Comparison to Long-Lasting Cookies - Second-channel setup – though long- lasting cookies could do the same thing there. - Synchronization across browsers using existing bookmark-sync tools. - Better behavior for non-SSL sites
BeamAuth: Summary - Bookmark as second authentication factor - Token delivered via a separate channel (email) - Use the fragment identifier to store token - Tweaked Login Ritual: whisk users to safety
Can we do more? - The fragment identifier might be used for more tricks. - JavaScript bookmarks may be useful for security. - Security in the app layer: help evolve the browser platform without anticipating all security requirements. generalize concept of site-specific extension?
Questions? ben@eecs.harvard.edu http://ben.adida.net/projects/beamauth/

Recomendados

New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)We4IT Group
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLGabriella Davis
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
ISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onGabriella Davis
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101Mike Schwartz
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 

Recomendados

New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)We4IT Group
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLGabriella Davis
 
Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Jorgen Thelin
 
ISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onISBG The 3 S's a guide to single sign on
ISBG The 3 S's a guide to single sign onGabriella Davis
 
Presentation sso design_security
Presentation sso design_securityPresentation sso design_security
Presentation sso design_securityMarco Morana
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101Mike Schwartz
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
CIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCIS14: Authentication: Who are You? You are What You Eat
CIS14: Authentication: Who are You? You are What You EatCloudIDSummit
 
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CloudIDSummit
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 
Web Components for Microservices and IoT
Web Components for Microservices and IoTWeb Components for Microservices and IoT
Web Components for Microservices and IoTChris Lorenzo
 
Web Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotWeb Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotJeremiah Grossman
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using ClaimsVolkan Uzun
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign Onleastprivilege
 
Secure Voting
Secure VotingSecure Voting
Secure VotingBen Adida
 
NJEA Podcasting Workshop
NJEA Podcasting WorkshopNJEA Podcasting Workshop
NJEA Podcasting Workshopheinricb
 
Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Karmen Blake
 
Global connections in the classroom
Global connections in the classroomGlobal connections in the classroom
Global connections in the classroomheinricb
 
What is Ruby on Rails?
What is Ruby on Rails?What is Ruby on Rails?
What is Ruby on Rails?Karmen Blake
 
Ettc Workshop Using A Prs System
Ettc Workshop Using A Prs SystemEttc Workshop Using A Prs System
Ettc Workshop Using A Prs Systemheinricb
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit VotingBen Adida
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
How LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APIHow LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APILinkedIn
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...André Goliath
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Jorgen Thelin
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108
 
Security Cas And Open Id
Security Cas And Open IdSecurity Cas And Open Id
Security Cas And Open IdConSanFrancisco123
 

Mais conteúdo relacionado

Mais procurados

CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CloudIDSummit
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential ManagementVMware Tanzu
 
Web Components for Microservices and IoT
Web Components for Microservices and IoTWeb Components for Microservices and IoT
Web Components for Microservices and IoTChris Lorenzo
 
Web Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotWeb Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotJeremiah Grossman
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using ClaimsVolkan Uzun
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign Onleastprivilege
 

Mais procurados (6)

CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...
 
CredHub and Secure Credential Management
CredHub and Secure Credential ManagementCredHub and Secure Credential Management
CredHub and Secure Credential Management
 
Web Components for Microservices and IoT
Web Components for Microservices and IoTWeb Components for Microservices and IoT
Web Components for Microservices and IoT
 
Web Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security ForgotWeb Application Security: The Land that Information Security Forgot
Web Application Security: The Land that Information Security Forgot
 
Single SignOn with Federation using Claims
Single SignOn with Federation using ClaimsSingle SignOn with Federation using Claims
Single SignOn with Federation using Claims
 
ASP.NET Single Sign On
ASP.NET Single Sign OnASP.NET Single Sign On
ASP.NET Single Sign On
 

Destaque

Secure Voting
Secure VotingSecure Voting
Secure VotingBen Adida
 
NJEA Podcasting Workshop
NJEA Podcasting WorkshopNJEA Podcasting Workshop
NJEA Podcasting Workshopheinricb
 
Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Karmen Blake
 
Global connections in the classroom
Global connections in the classroomGlobal connections in the classroom
Global connections in the classroomheinricb
 
What is Ruby on Rails?
What is Ruby on Rails?What is Ruby on Rails?
What is Ruby on Rails?Karmen Blake
 
Ettc Workshop Using A Prs System
Ettc Workshop Using A Prs SystemEttc Workshop Using A Prs System
Ettc Workshop Using A Prs Systemheinricb
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit VotingBen Adida
 

Destaque (7)

Secure Voting
Secure VotingSecure Voting
Secure Voting
 
NJEA Podcasting Workshop
NJEA Podcasting WorkshopNJEA Podcasting Workshop
NJEA Podcasting Workshop
 
Get Going With RVM and Rails 3
Get Going With RVM and Rails 3Get Going With RVM and Rails 3
Get Going With RVM and Rails 3
 
Global connections in the classroom
Global connections in the classroomGlobal connections in the classroom
Global connections in the classroom
 
What is Ruby on Rails?
What is Ruby on Rails?What is Ruby on Rails?
What is Ruby on Rails?
 
Ettc Workshop Using A Prs System
Ettc Workshop Using A Prs SystemEttc Workshop Using A Prs System
Ettc Workshop Using A Prs System
 
Open-Audit Voting
Open-Audit VotingOpen-Audit Voting
Open-Audit Voting
 

Semelhante a Two-Factor Web Auth with Bookmark BeamAuth

Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identitiesgoodfriday
 
How LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APIHow LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APILinkedIn
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSOkurtvm
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...André Goliath
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Jorgen Thelin
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryPriyanka Aash
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhibhumika2108
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFEPrabath Siriwardena
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01Paul Madsen
 
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Amazon Web Services
 
Web 2.0 security woes
Web 2.0 security woesWeb 2.0 security woes
Web 2.0 security woesSensePost
 
Word press, the automated way
Word press, the automated wayWord press, the automated way
Word press, the automated wayMichaël Perrin
 
Building Voice Controls and Integrating with Automation Actions on an IoT Net...
Building Voice Controls and Integrating with Automation Actions on an IoT Net...Building Voice Controls and Integrating with Automation Actions on an IoT Net...
Building Voice Controls and Integrating with Automation Actions on an IoT Net...Intel® Software
 
Mist.io @ AWSUGGR
Mist.io @ AWSUGGRMist.io @ AWSUGGR
Mist.io @ AWSUGGRunweb.me
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack CA API Management
 
Intro to Wordpress Security
Intro to Wordpress SecurityIntro to Wordpress Security
Intro to Wordpress SecurityChris Dodds
 

Semelhante a Two-Factor Web Auth with Bookmark BeamAuth (20)

Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
Protecting Online Identities
Protecting Online IdentitiesProtecting Online Identities
Protecting Online Identities
 
How LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an APIHow LinkedIn changed its security model in order to offer an API
How LinkedIn changed its security model in order to offer an API
 
Extending Oracle SSO
Extending Oracle SSOExtending Oracle SSO
Extending Oracle SSO
 
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
Von JavaEE auf Microservice in 6 Monaten - The Good, the Bad, and the wtfs...
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008
 
Abusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec gloryAbusing bleeding edge web standards for appsec glory
Abusing bleeding edge web standards for appsec glory
 
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan GandhiReliable and fast security audits - The modern and offensive way-Mohan Gandhi
Reliable and fast security audits - The modern and offensive way-Mohan Gandhi
 
Security Cas And Open Id
Security Cas And Open IdSecurity Cas And Open Id
Security Cas And Open Id
 
Cloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFECloud Native Identity with SPIFFE
Cloud Native Identity with SPIFFE
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01
 
Dial2Do API
Dial2Do APIDial2Do API
Dial2Do API
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
Optimize Your SaaS Offering with Serverless Microservices (GPSTEC405) - AWS r...
 
Web 2.0 security woes
Web 2.0 security woesWeb 2.0 security woes
Web 2.0 security woes
 
Word press, the automated way
Word press, the automated wayWord press, the automated way
Word press, the automated way
 
Building Voice Controls and Integrating with Automation Actions on an IoT Net...
Building Voice Controls and Integrating with Automation Actions on an IoT Net...Building Voice Controls and Integrating with Automation Actions on an IoT Net...
Building Voice Controls and Integrating with Automation Actions on an IoT Net...
 
Mist.io @ AWSUGGR
Mist.io @ AWSUGGRMist.io @ AWSUGGR
Mist.io @ AWSUGGR
 
Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack Protecting Your APIs Against Attack & Hijack
Protecting Your APIs Against Attack & Hijack
 
Intro to Wordpress Security
Intro to Wordpress SecurityIntro to Wordpress Security
Intro to Wordpress Security
 

Mais de Ben Adida

Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X OverviewBen Adida
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppBen Adida
 
Indivo X Hospital Connectivity
Indivo X Hospital ConnectivityIndivo X Hospital Connectivity
Indivo X Hospital ConnectivityBen Adida
 
Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable votingBen Adida
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable ElectionsBen Adida
 
Cryptography and Voting
Cryptography and VotingCryptography and Voting
Cryptography and VotingBen Adida
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsBen Adida
 
Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security OverviewBen Adida
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingBen Adida
 

Mais de Ben Adida (9)

Indivo X Overview
Indivo X OverviewIndivo X Overview
Indivo X Overview
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health App
 
Indivo X Hospital Connectivity
Indivo X Hospital ConnectivityIndivo X Hospital Connectivity
Indivo X Hospital Connectivity
 
Helios: web-based truly verifiable voting
Helios: web-based truly verifiable votingHelios: web-based truly verifiable voting
Helios: web-based truly verifiable voting
 
Truly Verifiable Elections
Truly Verifiable ElectionsTruly Verifiable Elections
Truly Verifiable Elections
 
Cryptography and Voting
Cryptography and VotingCryptography and Voting
Cryptography and Voting
 
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert ChannelsEfficient Receipt-Free Ballot Casting Resistant to Covert Channels
Efficient Receipt-Free Ballot Casting Resistant to Covert Channels
 
Voting Security Overview
Voting Security OverviewVoting Security Overview
Voting Security Overview
 
Helios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit VotingHelios - Real-World Open-Audit Voting
Helios - Real-World Open-Audit Voting
 

Último

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Último (20)

Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Two-Factor Web Auth with Bookmark BeamAuth