Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Friday, September 13 • 3:30pm - 4:15pm
Who Dis? The Right Way to Authenticate

Online verification of identity today extends across microservices, cloud providers, IoT devices, emerging systems and end users. In a brief study we conducted on the 100 most visited websites, over 95% supported authenticated sessions, and more than 97% of these were username and password based. That 81% of discovered breaches are due to broken authentication indicates there is still a problem to solve, and this is the focus of our talk.

Developers are generally aware of the different authentication methods used for secure interaction between these entities, but most often miss out on best practices. In this context, we discuss popular authentication schemes adopted by developers today, such as SAML, OAuth, tokens and magic links, and emerging ones like WebAuthn. We will present incorrectly coded authentication patterns observed in our study and highlight recurring mistakes like MFA bypass, token leakage and other authentication misconfigurations. Finally, we provide secure blueprints that developers can leverage to bake security into their software development lifecycle.

Dhivya Chandramouleeswaran

Security Engineer, Lyft
Dhivya Chandramouleeswaran is a security engineer at Lyft providing proactive security guidance to key product teams. She develops security automation tools and enjoys reviewing the security of new technologies. She has given talks at OWASP App Sec DC, Defcon BTV, CSA summit and BSides...

Lakshmi Sudheer

Security Researcher
Lakshmi Sudheer is a Security Researcher. She has been in the security industry for about four years now. She works on reviewing architectures and providing security guidelines to various product teams. Prior to this, she was at a startup doing all things Application Security and...

Friday September 13, 2019 3:30pm - 4:15pm EDT
Lincoln 4