Panel: What Happens When Applications Don't Use the Identity Standards We Have Built

Combined Session
Thursday, May 11, 2023 14:30—15:30
Location: A 03-04


OAuth 2.0 is a widely adopted standard for authorization, but it can be complex to implement correctly. It's not uncommon for developers to have difficulty understanding the nuances of the OAuth 2.0 flow and instead rely on simpler approaches such as using API keys in "god mode."

OAuth 2.0 can be difficult to set up and configure, especially for developers who are new to the standard. It involves creating an OAuth 2.0 client, setting up redirect URIs, and managing access and refresh tokens, which can be confusing and time-consuming. Additionally, the standard requires developers to handle user authentication and authorization separately, which can be difficult to understand for those who are not familiar with the concepts.

Many developers may not understand the security benefits of OAuth 2.0 over API keys. OAuth 2.0 allows for fine-grained access control, enabling developers to limit access to specific resources and actions. In contrast, API keys provide more open access, allowing all actions on all resources. Developers may be inclined to use API keys instead of OAuth 2.0 because they are simpler and easier to implement, but they do not offer the same level of security. Developers may also find the standards hard to understand and end up using an inconsistent approach.

The panel will discuss these reasons and other potential causes for why developers may not be using OAuth 2.0 correctly, and provide recommendations for how to overcome these challenges. We will highlight the benefits of OAuth 2.0, such as improved security and the ability to provide fine-grained access control, to encourage developers to adopt the standard. Additionally, we will give examples of real-world attack scenarios that could have been avoided had the application been using OAuth 2.0.

Ward Duchamps
Thales Digital Identity and Security
Ward Duchamps, who brings over two decades of experience in Identity and Access Management, currently serves as the Director of Strategy & Innovation for the Identity & Access Management...
Mark Haine
OpenID Foundation
Mark is an engineer and entrepreneur who has focussed his career on building solutions that enable business and mitigate risk in financial services. At the start of 2020 Mark founded...
Ingo Schubert
RSA
Ingo Schubert joined RSA almost two decades ago and dealt with cryptographic toolkits and PKI until he discovered the identity and access management parts of RSA’s portfolio. His main...
Mayur Upadhyaya
Contxt
Mayur is the CEO of Contxt, a privacy layer for customer identity. Previously he was AVP Identity Cloud at Akamai technologies where he led the former Janrain team after acquisition. In 2014 he...

Navigate the DR (Detection & Response) Jungle: EDR, EPDR, XDR, NDR, MDR, ITDR

ITDR: Is this really something new, given that around 80% of the cyberattacks are identity-related, from password phishing to bypassing MFA? Is it a separate discipline or just a part of XDR (Extended Detection and Response)? Or a new name for what Access Management and FRIP already do?

As always, there is something new and relevant in this. The fundamental question for many organizations will be how best to address the identity threat challenge. Does it require new or different tools, or just a different use of what is already there? What should you look for specifically? And how can you reduce the risk of identity-based attacks? Is ITDR the core, or is better identity protection? These questions will be answered in this session to help you navigate the buzzword jungle.

Martin Kuppinger
KuppingerCole
Martin Kuppinger is Founder and Principal Analyst at KuppingerCole, a leading analyst company for identity focused information security, both in classical and in cloud environments. Prior to...

Use AI to Make Account Takeover a Frustrating Experience... For the Attacker

Sure, MFA goes a long way in preventing account takeover, but it is only one layer. Using AI to look at identity data to evaluate risk can add additional layers, not only to prevent takeover but also to mitigate the impact once a takeover has happened.

Ingo Schubert
RSA
Ingo Schubert joined RSA almost two decades ago and dealt with cryptographic toolkits and PKI until he discovered the identity and access management parts of RSA’s portfolio. His main...