Who dis? The Right Way To Authenticate

BSidesLV via YouTube

Overview

Explore a comprehensive conference talk on authentication best practices and common pitfalls. Learn about identity, authentication issues in ecosystems, and data security concerns. Dive into various authentication methods, including web tokens, OAuth, session tokens, and key management. Discover the importance of choosing the right libraries and algorithms for secure authentication. Gain insights into token binding, browser support, and minimum security measures. Understand the workflow of magic links and explore SAML signatures and XML passing. Empower yourself with knowledge to implement robust authentication systems and protect sensitive data.

Syllabus

Introduction
Who are we
Disclaimer
Agenda
Identity
What is Authentication
Common Authentication Issues
Authentication in the Ecosystem
Why are we here
Data Fear
Broken Authentication
General Authentication Issues
Approach
Outline
Token
Web Tokens
Web Token Example
OAuth
Best Case Scenario
Choose the Right Library
Check for the Right Algorithms
Mitigations
Session Tokens
Key Management
Key takeaways
OAuth primer
Token types
Token binding in action
Browser support
Pixie
OpenRedirect
Minimum Security Measures
Magic Links
The Workflow
Before the magic
SAML
Signatures
XML Passing
Empowering Developers

Taught by

BSidesLV
