SecAppDev 2024 lecture details
Security Signals - A framework to scale web security
Learn about Security Signals, a data-driven framework that scales web security, provides insights into security stance, and offers unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Tuesday June 4th, 14:00 - 15:30
Room West Wing
Abstract
Ensuring the security of web applications developed by many different engineers requires a solid understanding of security details and can be quite hard to scale. Thus, a web security team should also own the rollouts of security features. This requires a mindset shift, and high-quality metrics and tools to perform such changes.
In this session, we'll explore Security Signals, a framework for collecting and processing aggregated and de-identified traffic logs across all Google web properties. Using the adoption of strict CSP as an example, we will take a closer look at how all components work.
Key takeaway
Understand how and why security web infrastructure is built, used, and maintained at scale, and learn its components and the capabilities it provides.
Content level
Introductory
Target audience
Developers and security specialists interested in securing web applications.
Prerequisites
Basic knowledge of web application security.
Slawomir Goryczka
Software Engineer in Security, Google
Expertise: Data Driven Security and Privacy in Large Distributed Environments
Related lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, and DPoP, designed for high-security environments.
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.
Winning the war in cyber
Keynote lecture by Jessica Robinson in room Lemaire
Monday June 3rd, 09:15 - 10:30
How well we adapt continues to influence our security strategies, our creativity, and our culture, in our companies and in our industry. It seems starting with ourselves is a natural place to begin.
Key takeaway: What the evolution of the security practitioner, and leader, will look like in the future in winning the daily battles in cybersecurity.