Ryan Lane talks about the concepts and tooling for wrangling identity, access management, and secrets (passwords, ssl certificates, access tokens, etc.) in cloud services.
Phil Nash takes a look at generating one time passwords, implementing two-factor authentication in web applications and the use cases for QR codes.
Will Tran talks about the authentication and authorization scenarios that one may encounter once he starts building out microservices.
Paul Glavich discusses design decisions to be made when building a new API regarding versioning, hypermedia usage, authentication and other aspects.
Colin Harrington warns that application security is not a concern that we can ignore. Vulnerabilities come from various angles, but it is important to stay aware so we can recognize and thwart threats
Scott Smerchek presents the benefits of using a nonprofit web project to learn Rails and what he learned while building LoveKC.org, introducing various Rails topics.
Chris Risner demos an Android app built with Azure Mobile Services using structured data stored in the cloud, GCM push notifications with a single line of code, authentication, security and others.
Justin Kobel introduces claims-based authentication, what are claims, their life cycle, explaining how to consume them in .NET through a number of demoes.
Chas Emerick explains how to implement multi-factor authentication, role-based authorization and phishing prevention with Friend.
John Davies discusses passwords, the need for multiple passwords and password managers, and how OAuth is providing SSO for multiple sites, including an OAuth demo app for the iPhone.
Pat Patterson discusses ways of consuming RESTful APIs from Clojure on a securely manner using OAuth 2.0.
Rob Winch demoes some of the new features in Spring Security 3.1: multiple http elements, stateless authentication mode for RESTful services, Debug Filter, CAS support for proxy tickets, JAAS, etc.
CONTENT IN THIS BOX
PROVIDED BY OUR SPONSOR
Increase security on compromised platforms with Intel® SGX.
An Intel technology for application developers who are seeking to protect select code and data from disclosure or modification.
A Developer’s Perspective.
Developers have long been constrained by the security capabilities that major platform providers have exposed for application development. How Bromium and wolfSSL employ Intel® SGX to create more secure, next-generation solutions.
Learn more about the Intel SGX SDK, a collection of APIs, libraries, documentation, sample source code, and tools that allows software developers to create and debug Intel SGX enabled applications in C/C++.
Protect Application Code, Data, & Secrets from Attack.
Developers can partition their application into CPU hardened “enclaves” or protected areas of execution that increase security even on compromised platforms.
Intel Software Guard Extensions (SGX) for Dummies.
At its root, Intel® SGX is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.