GOTO is a vendor independent international software development conference with more that 90 top speaker and 1300 attendees. The conference cover topics such as .Net, Java, Open Source, Agile, Architecture and Design, Web, Cloud, New Languages and Processes

Presentation: "Knock Knock: Understanding Who is Using Your Web Applications"

Track: Web Security / Time: Tuesday 10:20 - 11:10 / Location: Store Sal, Musikhuset

Knock, knock.
Who's there?
User.
User who?
user@website.com:password.
Ok, have fun!

There are lots of ways of dealing with authentication, but the interaction before, during, and after is usually ignored. This is pretty much how web applications work today. We don't ask the right questions of users attempting to access our web applications. How sure are you that the user accessing your site is who they say they are? How sure are you that you want them accessing your site at all?
 
Join Aaron Bedra as he walks you through asking the questions you should be asking of your users, and how to help prevent abuse, fraud, and otherwise unwanted activity on your web applications. You will learn how to ask the right questions without interfering with a great user experience.

Download slides

Aaron Bedra, Application Security Lead, Braintree and Co-Author of Programming Clojure, 2nd Edition

Aaron Bedra

Biography: Aaron Bedra

Aaron Bedra is the application security lead at Braintree. He is the co-author of Programming Clojure, Practical Software Security, and another upcoming Pragmatic Press book.

Software Passion: Exploring new and interesting ways to break and defend software.

Twitter: @abedra

Websites: aaronbedra.com

Professional Contributions:  Aaron is a co-author of Programming Clojure, 2nd Edition,  a contributor to Clojure, ClojureScript, Ring, Hiccup, and Ruby on Rails. He is the creator of Repsheet, a reputational intelligence engine.