December 16, 2019

161 words 1 min read

OAuth: When things go wrong (sponsored by Okta)

OAuth: When things go wrong (sponsored by Okta)

Aaron Parecki discusses common security threats when building microservices using OAuth and how to protect yourself. You'll learn about high-profile API security breaches related to OAuth; common implementation patterns for mobile apps, browser-based apps, and web server apps; and the latest best practices around OAuth security being developed by the IETF OAuth working group.
Talk Title OAuth: When things go wrong (sponsored by Okta)
Speakers Aaron Parecki (Okta)
Conference O’Reilly Software Architecture Conference
Conf Tag Engineering the Future of Software
Location New York, New York
Date February 4-6, 2019
URL Talk Page
Slides Talk Slides
Video

Aaron Parecki discusses common security threats when building microservices using OAuth and how to protect yourself. You’ll learn about high-profile API security breaches related to OAuth; common implementation patterns for mobile apps, browser-based apps, and web server apps (and how to secure them); and the latest best practices around OAuth security being developed by the IETF OAuth working group. This session is sponsored by Okta.

api threat security microservice mobile
comments powered by Disqus
Intro: Open Policy Agent

Intro: Open Policy Agent

October 12, 2019

The Open Policy Agent (OPA) is a general-purpose policy engine that enables fine-grained, context-aware policy enforcement across the stack. OPA is used in production by companies like Netflix, Intuit …
Running Resilient Workloads with Istio

Running Resilient Workloads with Istio

October 4, 2019

Remember how cool Kubernetes seemed when you first started using it? A simple, easy API for scalable compute in any cloud: just a Deployment and a Service and youre done! But as you use it more, you …
Security principles for the working architect

Security principles for the working architect

December 15, 2019

As our world becomes digital, we all need to be developing systems that are secure by design. The security community has developed a well-understood set of principles used to build secure systems, but they are rarely discussed outside that community. Eoin Woods outlines these fundamental principles of secure software design and explains how to apply them to mainstream systems.
The future of cloud-native programming (sponsored by IBM)

The future of cloud-native programming (sponsored by IBM)

December 15, 2019

Today, we are witnessing a great proliferation of cloud-native paradigms such as 12-factor apps, microservices, and serverless. Tamar Eilam discusses an emerging unified cloud platform (based on open source projects such as Kubernetes and Istio) and explains why the new frontier is its evolution to unify multiple programming paradigms for greater simplification with power of expression.
Stitching a Service Mesh Across Hundreds of Discrete Networks

Stitching a Service Mesh Across Hundreds of Discrete Networks

December 9, 2019

Intuit has experienced large growth in its microservices ecosystem over the last few years, which was primarily using a hub and spoke API Gateway for service communication. As the ecosystem expanded, …
Piloting Around the Rocks: Avoiding Threats in Kubernetes

Piloting Around the Rocks: Avoiding Threats in Kubernetes

December 4, 2019

Over three months in 2019, Trail of Bits completed the first-ever security review of Kubernetes, consisting of source review, dynamic testing, and threat modeling. One artifact, the threat model, lets …