Signing into any application feels like a commodity nowadays. You just click on that “Sign in with Google” button and the app opens its doors for you. But there’s a lot more to it under the hood. This talk will walk you through the science behind the login box, from foundational protocols like OAuth2 and OpenID Connect to the workings behind apps like Google Authenticator and other OTP providers, and new trends like WebAuthn and device biometrics for logins. No prior Identity knowledge is required, but a basic understanding of development could help you follow the session.
Tobias is currently the Partner Solutions Engineer for the EMEA region at Auth0. He is truly passionate about developing engaging applications in the simplest way possible and about sharing the knowledge of how to do so with others. When he is not coding or advocating Auth0, he usually spends his time cooking or playing (non-competitive) video games.
Modern cloud native technologies enable you to build, deploy, and scale rapidly. But this increased complexity exposes your application to new risks and vulnerabilities. Each layer of your cloud native application – spanning your code, third-party dependencies, containers, and clusters – exposes you to new security concerns. And we’ll show you just how easy they are to exploit!
During this live hacking session, led by Mathias Conradt, we’ll exploit an application as an attacker would to show threats, vulnerabilities, and misconfigurations that are most common in cloud native apps. Then, we’ll show you how you can protect your application through clear remediation actions and best practices for each attack scenario.