Security

If it isn’t the NSA, it’s a bug somewhere. In these difficult days, you need to know all you can to protect your users.

Operations & System Administration | Security
D139/140
Tutorial Please note: to attend, your registration must include Tutorials.
Dave Quigley (KEYW Corporation)
Average rating: ***..
(3.75, 4 ratings)
Building on last year’s critically acclaimed ‘Demystifying SELinux: WTF is it saying?’ talk, ‘Demystifying SELinux Part II: Who’s policy is it anyway?’ is an extended tutorial in which attendees work through real-life examples of SELinux configuration and policy construction.
Nicolas Steenhout (Accessibility NZ)
Average rating: ***..
(3.40, 5 ratings)
Did you hear about the double arm amputee who was refused service at a bank because he could not provide a thumbprint? Or the online petition to increase services for blind folks, that they couldn’t sign because of CAPTCHA? These are examples of security practices that cause barriers to people with disabilities. Security can create barriers, but it doesn’t have to reduce accessibility!
Security
D135
Mark Stanislav (Duo Security)
Average rating: *****
(5.00, 1 rating)
This presentation will provide insight into the security mechanisms being used by the IZON IP camera, some of the weaknesses found during research, and a few recommendations for them (or anyone else developing these sorts of cameras) to benefit from. Attention will be paid to topics such as network protocols, iOS app security, APIs, and other aspects of the camera's attack surface.
Security
F151
Nick Sullivan (CloudFlare)
Average rating: ***..
(3.80, 5 ratings)
Red October is an open source encryption server with a twist -- it can encrypt secrets, requiring more than one person to decrypt them. This talk will describe what goes into building an open source security product and using it in the real world. From motivation, design decisions, pitfalls of using a young programming language like Go, through deployment and opening the work up to the community.
Security
E146
Christian Ternus (Akamai)
Average rating: ****.
(4.83, 6 ratings)
Denial of Service (DoS) attacks have been making the news lately -- can your site hold up? In this talk, we'll look at a number of open-source tools for testing your site and walk through ways to guard yourself against web attackers.
Security
F151
Eric Mittelette (Microsoft Open Tech), Steve Lipner (Microsoft Corp.)
Average rating: *....
(1.71, 7 ratings)
Secure software development is absolutely critical to helping create safer, more trusted computing experiences for everyone.
Security
D136
William A Rowe Jr (Pivotal)
Average rating: ***..
(3.20, 5 ratings)
This presentation covers all aspects of configuring Apache HTTP Server for https/TLS, including ECC, RSA and DH keys and key strength, cipher suites, SSL session caches vs. session tickets, OCSP stapling and TLS virtual hostnames. These elements are integrated to provide perfect forward secrecy and meet modern best practices for both client and proxied connections.
Security
E146
Allison Mankin (Verisign, Inc.), Willem Toorop (NLNet Labs), Neel Goyal (Verisign, Inc.), Glen Wiley (Verisign, Inc.)
The need for secure DNS is more pressing than ever, but the current standard API for using the DNS can't take advantage of modern DNS features. We will give an application developer's view of DNSSEC and describe the independently written getDNS API specification. We will showcase the open source implementation of the specification built by our team of developers from NLNet Labs and Verisign.
Security
D136
Brent Shaffer (Adobe Systems Inc)
Average rating: *****
(5.00, 1 rating)
If your application doesn't have APIs, it's probably written in Cold Fusion. Every application has APIs, and APIs need authentication. See how OAuth2 is robust enough to satisfy the demands of the enterprise, while still serving the smallest of side projects.
Security
D139/140
Francesc Campoy Flores (Google Inc.)
Average rating: ****.
(4.67, 6 ratings)
One of the most important tools created to help people learn Go is the Go tour (http://tour.golang.org). It allows the user to learn the basics of Go and put them into practice directly in their browser, running code without installing any compiler. Implementing this in a safe way is not an easy task! In this talk I present some techniques used to make sure everything goes as expected.