Last active May 31, 2016 23:05
Right Attitude in Securing your Web Services
WHAT CHANGED: Title and description
Title: Right Attitude in Securing your Web Services
Level: Intermediate
Duration: 50 minutes including 10 for questions
Description:
Knowing how to secure your web SITE does not translate into knowing how to
secure your web SERVICE. Your website is friendly to humans. You can fend off
attacks with CAPTCHA and other ways of detecting and rejecting automated
traffic.
Your web services, by contrast, are to be consumed by non-humans. You therefore
need to take a far different approach to securing your web services. If you
don't understand the difference, brute-force attacks can be deadly.
We don't look at any code. Instead we focus on what's different about web
services. We'll see why a brute-force attack can be over and gone before
you even know it started. We'll see why newer, cleaner, more efficient code
can work to your attacker's advantage.
I'll show you my experiences and the attitude you need to protect your own.
Additional Information:
1. This talk is based on my article in May 2016 php[architect]
https://www.phparch.com/magazine/2016-2/ -- you can read for free.
2. Platform experience: I am a new PHP speaker. However, I used to teach Cray
Supercomputer operating system internals (assembly and octal) as Senior
Instructor for Cray Research Software Training.
To whoever reviews this Gist: My sincere thanks.
I like the title ("Learn from the Enemy"). I think the abstract should work more into it about the enemy and how attendees will be learning from the enemy.
Conversely, strip the "Learn from the Enemy" part and just have the title be "Right Attitude in Securing your Web Services," since that's where the abstract seems focused. Maybe another sentence or two about having the right attitude and how this talk will instruct others in what that right attitude is.
Updates look good!
This portion seems a bit superfluous: "If you have a flagship mobile app, it's not a human. It's an app!"
I'd also try to include a sentence mentioning more high-level specifics about the talk, so the audience has some idea of what to expect beyond "security" and "web services."