Building Data Breach and Subpoena Resistant Applications - Philly ETE 2017

Explore techniques for building data breach and subpoena resistant applications in this 50-minute conference talk from Philly ETE 2017. Delve into the challenges of protecting user data against various threats, including internal compromises. Learn about a new approach based on cryptography and messaging that aims to enhance data security beyond traditional methods. Examine the limitations of technical defenses against non-technical attacks and discover how to set new standards for safeguarding user information. Gain insights into JSON Web Tokens, cost-based cryptographic hashes, and see a practical example of implementing these concepts in a written test administration application. Understand the steps involved in admin setup, user invitation, login, exercise completion, and submission review. Conclude with an overview of the final data footprint, further reading suggestions, and next steps for implementing robust data protection strategies.