วีดีโอ

‘Security landscape’ is an overused, vague and cliche phrase.

Philip Friday Ede said that integrity matters security app secure

this is really awesome, I'd love to see a complete example. But this is already very good

Not writing down his email in a non-scrapable document, that's security.

Really wish after watching 1.5 hrs of this video that the computer screen or slides could’ve been shared for the last 20 minutes.

Why did he say that he was able to break sha2 in a minute with hashcat? I call mega BS

Thank you so much for this informative talk!

amazing history

amazing history

“Bitcoin will die” This aged well

WOW, JS security discussed here is almost 8 years old, but still relevant.

my man fighting for his life lol. great talk though

39:30 FYI - a notary public in U.S. does a very different job from a European notary public.

The awful meter intralysosomally harass because attraction curiosly battle minus a muddled eggnog. dear, smooth flag

Fantastic talk, Jan! Thank you for drawing such clear connections between testing and formal verification.

Thank you for your logical presentation and topic Focused to introduction level yet allows a much wider overview and.even wider awareness of important topics all related to real world problems . That affects all users and needs of business as well as home and student use of computers and devices . Without understanding the constantly aimed weapon at all users .No true effort could be made to support any new viral type infections . Your diagram of quarterly new infections of over 2 million new infections that were seen in only 6 months . With thousands of potential infections from each of these . Are more than a threat to everyday users . And needs for insurance and users classes certification to bring affordable insurance and devices verification education and certifications . That can start at a time before a computer users are allowed to use the web . This is such a problem that we as a society must not continue to discard as unattainable . A virtual computer system with a quantum encryption processing blending may be a first step . But international born infections into clouds now may be a greater false security in the near future . What can you predict and how would one currently set up a best use personal and business computer analysis team . That could be developed into local areas to augment computer repair and modification service with a strong computer static and dynamic analysis and threat evaluation .While enhancing public process of education and awareness and increasing the interest into the much needed field of computer security . And smart road map of those elderly or disabled children or children to a smart not overwhelmingly and heavy mind crushing multi path directions in such fast changing technology . That soon be a cloud based security enhanced operation . That still requires security on a personal based foundation. . I look forward to your future videos . And feel a hands on practical teaching of your topics will be a great tool to help to overcome the high jump to language learning . Rather than practical lab with learning to understand such topics as you describe . An application of learning the art of Analysis can be fun as well as educational when it has a road map to a OSI type format . But that is just a wild thought from a beginner. Thank you from Denver. Colorado , for your style of teaching .

Thank you this is very fun

This whole presentation is gold.

03:26 Attack payloads 04:49 3 variants of XSS 05:04 reflected 04:54 Stored 04:57 DOM XSS 05:04 Reflected XSS 05:28 Stored XSS ===================================== Input Validation (raw HTML input) ===================================== 06:33 Danger: XSS Weak Defense Used 06:55 how do you stop this 07:40 Eliminate, >, <, &, ", ', filter shorturl.at/yHU49 shorturl.at/qHQVX 08:30 irish, O'Shea , O'malley I can put my name on it, what's wrong with you ===================================== Output Encoding (Strings) ===================================== 09:09 input validation, we want to focus output encoding, output encoding that's gonna save us 10:00 Go 10:30 <, the browser thinks it's code , we have to escape it and convert to a form that's isnt executing &lt; HTML entities, that would display but not execute it like code, use librairies ===================================== 11:41 Danger: Multiple context ===================================== 13:03 the best place to defeat XSS, JavaScript injection is in the user interface itself 14:00 HTML Body escaping , performance 16:03 HTML Attribute Ecaping examples 17:05 URL fragments, URL parameters escaping examples 18:10 Handling Untrusted URL's. Twitter 20:28 Wordpress 25:04 Advanced XSS Defence ===================================== ~26:00 HTML Sanitazation and XSS ===================================== ~ tinyMCE 31:17 few librairies, nodejs ===================================== 35:28 DOM XSS ===================================== Dangerous Javascript Sinks, eval ist just evil, 37:30 jQuery, JSON ===================================== 41:30 Sandboxing ===================================== ~ 44:00 don't put advertisement in your site 45:31 X-Xss-Protection, XSS A ===================================== Content Security Policy (CSP) ===================================== 49:54 CSP, 3rd group of UI defense 50:14 frameworks, angular. HTML sanitization 53:15 how to make our user interface super robust 53:49 Content Security Policy is probably the most important security that reduces the attack surface of your web application 54:23 We can move inline scripts 55:30 when did you apply CSP 56:04 these are response headers 57:02 default-src 'self' 58:21 twitter policy 58:25 Seriously, what is CSP 58:54 How, disable inline, eval 59:41 what is inline JavaScript shorturl.at/avLMZ 01:00:54 how does the browser know 01:01:32 CSP features

Buen video, me costo entender un poco pero si entendí algo jajaja

He talks about key algorithms in the beginning and then advice to use RSA because that is widely supported. Then, he says not to use RSA when talking about key exchange. Can some one shed some light?

20:47 Jim says that the client secret is in the URL, that's just incorrect, isn't it?

Thank you for your valuable informations.

At 45:49 Jim recommends collecting pwned credentials from previous data breaches. Wouldn't an organizations run into compliance violations if they keep collecting and updating such breached data? Just a doubt I always had, as we too had this idea.

hello nate howes class

Material actually starts at 3:30

thank you

Excellent explanation.

Excellent. High engagement level! Also handouts.secappdev.org/handouts/2017/Jim%20Manico/04a.%20OAUTH%20Security%20Introduction%20MODULE%202-9-2017.pdf

Is there a link to the talk by Yo (sp?) about OIDC that was referenced around the 10 minute mark?

There is no absolute right or wrong, you can do a wrong thing right and you can do a right thing wrong.

I am big fan of Agile. But it can get very wrong if you don't do it right. When the boeing 737 accidents happened, first thing I checked was that they were doing Agile.

Software development evolves as a spiral curve. Started simple, gets complex, gets split into microservices...

Well, I still got 500 bills, hopefully they don’t disappear 😊

On slide 5, 10:39, I calculated the number of keys for symmetric is n*(n-1)/2, not n^2, and for asymmetric is n*2.

I like this guy

This guy is quite amazing

45:31 - Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions, Antoine Joux

How to restrict JavaScript code access from browser console??

can you give me some info about secure transport protocols and application protocols

Excellent talk!

excellent..easy to understand

Amazing speech.

He sounds really mad

Good stuff.

Learnt more in the last 90 minutes than reading over an year about the topic. One request though is to get to see the speakers, whiteboard and also to listen to the audiences questions just like the other videos.

While Mr. Preneel's content is always top-notch, the sound quality of this video is poor. Keep the content rolling, as it's rare to hear such in-depth expertise.

FYI at 59:00 it looks like the slides get out of sync with the presentation and don't catch up until 1:03:04

good video sir

Very good presentation, a good addition to his PHD thesis!