×
Eventil - Find Tech Events
Official mobile app
FREE - In Google Play
View
×
Eventil
Official mobile app
FREE - In App Store
View

The parts of JWT security nobody talks about

May 30, 2019 · Petach Tikva, Israel

17:00-17:30 - Reception, Networking, Coffee&Cake.

17:30-18:30 - The parts of JWT security nobody talks about by Philippe De Ryck, Founder of Pragmatic Web Security, Google Developer Expert.

JSON Web Tokens (JWT) have become the de facto standard to transfer application claims between the client and the server. By design, they incorporate the use of signatures to ensure the integrity of the data. However, merely signing the data alone is not enough to guarantee security.

In this talk, we zoom into the security properties of JWTs. After introducing the different signature schemes, we dive into the hard parts nobody talks about. How do you manage and identify the keys used for the signature? How do you handle key rotation? And what about encrypting JWTs? This talk answers all these questions. You will walk away with a set of best practices for adequately securing JWTs.

Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.

** To ensure your participation, please fill out this form:
https://docs.google.com/forms/d/e/1FAIpQLSeZqsm9le0RHyiQ34lKi6X3jB3bfOFYQQ4cAD4iowUykBL8kA/viewform?usp=pp_url&entry.801673747=+Security+

18:30-18:45 - Break : Coffee&cakes with Networking.

18:45-19:45 - Infrastructure fuzzing by Salo Shp, SRE Expert from Tikal.
In this session We will cover the reason and methods hackers use to DDOS our production, and learn how to mitigate that threat by doing it ourselves as part of an overall Chaos Engineering methodology.

Hope to see you all,
Tikal Team

#devops

Event organizers
  • Fullstack Developers Israel

    This is a community for fullstack developers who would like to share and learn new technologies, practices and tools. Our meetings usually  talks about everything in all levels of the software layers. We focus on a "Fullstack" developers, as for today every developer is expected to do a bit of everything: front-end, back-end, database/store, infrastructure and server operation, sure we all have a preference and specialization, but in order to keep up in the current technology pace we should learn and prac

    Recent Events
    More

Are you organizing The parts of JWT security nobody talks about?

Claim the event and start manage its content.

I am the organizer
Social
Rating

based on 0 reviews

Featured Events