HQ#backend #frontend #mobile
Hacking the native clients OAuth 2.0 - is this system safe?
Let's try to hack the authentication of the native clients using OAuth 2.0. OAuth has become the industry's go-to authentication mechanism, with a multitude of users seamlessly logging into apps with well-known platforms like Google or Twitter. Join us as we explore the limitations of standard OAuth flows for native clients, which allow attackers to get access to private data. We will play the attack vectors, try to mitigate such attacks using the PKCE (Proof Key for Code Exchange) extension, and question its future.
Key Takeaways:
Key Takeaways:
- Discover the limitations of standard OAuth 2.0 flows for native clients and the associated risks and attack vectors.
- Gain insights into how PKCE extension addresses these challenges head-on, fortifying your applications against private resources' leaks.
- This talk will cover various mitigation strategies, best practices, and recommendations.
- Difficulty Any level
- Speech type Standard 40min
Alina Boshchenko
Software engineer and security champion at JetBrains
Netherlands
Netherlands
I am a software engineer and security champion at JetBrains. My current focuses are high-load systems, more specifically new transaction management concepts for the embedded database, software development on Kotlin/Java, and network security. As a member of the Security Champions team, I ensure the robustness of systems by identifying and fixing security issues.
I am a serial hackathonner and my interests also extend to mentorship, where I guide and support students through workshops and talks, equipping them with the necessary skills and knowledge to excel in their professional journeys.
I am a serial hackathonner and my interests also extend to mentorship, where I guide and support students through workshops and talks, equipping them with the necessary skills and knowledge to excel in their professional journeys.
Other Speakers
The program was full of amazing talks about people, code, trends, and people again. All talks underwent a careful selection process by our program committee. We didn't accept marketing talks and sell slots to sponsors. Only meaningful content, only hardcore.
- Intel Corporation/Principal Engineer and Web Platform Architect, DenmarkBeyond the web of today
#everyone - Accessibility Team Lead at SpurIT, GDE for Web, LithuaniaThere is always a way to fix Accessibility
#frontend #product #qa #engineers - P3.express / PM Coach, BelgiumStrengthen your organization with PM peer reviews
#managers #project - Developer Advocate and Senior Staff Engineer at Sfeir Luxembourg, France
- Developer Relations Engineer at Kadena, LuxembourgHappy Healthy Team
#managers #teamlead #project #product #engineers - CTO, Fedor & Samat, LatviaThe Ideal Working Environment for a Product Development Team: Why It's Impossible and How to Get Closer to It
#managers #product #project #teamlead #engineers - Project Management Author, Speaker, and Adviser, BelgiumP3.express: A Minimalist, libre project management system
#project #product #teamlead #managers - Senior DevOps engineer at Hilbert Team, Serbia#backend #devops #data
- Soft Skills Lab, Founder, SpainHow to build trust through conflict management in cross-cultural teams. Workshop
#managers #teamlead #project #product - QA engineer at JetBrains, GermanyYou need test analysis more than you think
#qa #teamlead #managers - Digitale Methode / Front-end lead, Lagos/PortugalWhat is new in CSS?
#frontend #design - Product designer at Evil Martians, Portugal3 reasons to switch to OKLCH
#frontend #design - DevRel Engineer at Storyblok, NetherlandsDiscover the everyday responsibilities and core values of a DevRel Engineer
#engineers #frontend #teamlead #managers #everyone - DevRel and TechLead in Adservio, FranceFrom Angular to Qwik! The Framework that changes the paradigm
#frontend #backend - Full-Stack .NET/React Developer at Sannsyn, NorwayZero-JavaScript Web Development with Astro
#frontend #engineers - Software Developer at JetBrains, GermanyCost-effective Selenium infrastructure
#qa #devops #backend - Product Designer at Revolut, PortugalInside Out - The Design of Internal Tools
#product #project #design - ADEO Marketplace Digital Leader, FranceDumb ways to fail onboarding into a new company
#managers #teamlead #engineers - Engineering Manager, Digital NomadEnhancing Cross-Team Contributions: InnerSource Tools and Practices
#backend #devops #qa #teamlead #engineers - Founder of 4xxi, SpainHow can software developers survive in a Brave New World?
#backend #frontend #engineers - Engineering Manager at ManyChat, BarcelonaThe Highway to Becoming the Best Developer
#backend #frontend #engineers - Senior Automation QA Engineer at JetBrains, Netherlands
- Sr. Product Manager Machine Learning at booking.com, NetherlandsNine lessons I learned working with ML products
#product #data #project #managers - GDE Angular, GitHub Star, GermanyImprove your Teams Productivity Using Nx
#backend #devops #frontend #qa #teamlead #engineers - Software engineer and security champion at JetBrains, NetherlandsHacking the native clients OAuth 2.0 - is this system safe?
#backend #frontend #mobile - Senior Full-stack Engineer at EQT Group @ Motherbrain, SwedenWebAuth and Passkeys: The future of authentication
#frontend #engineers - CTO at ManyChat, UKIndividual Contribution and Team Responsibility: myths and reality
#managers #teamlead #project #product - Team Lead at Automattic, LithuaniaHow to Test BigData/ETL Solutions?
#qa #data #devops #engineers - Developer Advocate at DataStax, GermanyHandling Dozens Millions of Queries per Second: Titan's Experience of peer-to-peer NoSQL
#backend #data #devops #engineers - Product designer at Revolut, PortugalHow to research without a researcher
#product #project #managers #engineers - Founder of AMGROWTH, CyprusProduct Scrum: Stop Dropping the Ball Between Product and Dev Teams
#managers #teamlead #project #product #engineers - Exness/Security Architect in Infrastructure Security, CyprusSensitive data active catalog. How to control sensitive data in real time
#backend #devops #data - Director of Engineering at FerretDB, Germany
- Software Engineer at Booking.com, NetherlandsA Software Engineer's Journey Through Microservices Data Sharing
#backend #frontend #engineers - Systems and Application Architect at Novu, Israel
- Flutter Lead Developer, Devexperts, LisboaHow ChatGPT and Copilot can help us to be better developers
#engineers #backend #frontend #mobile - Principal Software Engineer at Amwell, USAIncomplete guide to build non-working microservices platform
#backend #devops #engineers #teamlead - Head of Product at Fox&Owl Energy Experts, GermanyHow to re-invent your product in a market crisis?
#product #project #teamlead #managers - CTO, ClickHouse, NetherlandsBuilding Analytical App From Scratch With ClickHouse
#backend #data #engineers #teamlead - Technical Leader at WebPros, BulgariaFrom Zero to Production: A Lightning Talk about our WebAssembly journey
#frontend #backend #teamlead #engineers
Partners
