Wednesday, January 25 • 3:00pm - 3:50pm
"Stealth" Authentication - how to not leak information to hackers in web application authentication


Web application authentication systems often unnecessarily leak valuable information to hackers and thus enable user enumeration, denial of service and attacks on authentication factors.

The talk shows where information is leaked and how this can be prevented. Further, a simple and effective way of preventing denial of service attacks based on account locking is shown.

Giving real-world examples, the term "side-channel-safe" second factor is introduced and it is shown how this property influences the security of the overall authentication scheme.

The talk closes with usability considerations and the features a well-designed "stealth authentication system" should provide.

Speakers

Marc Bütikofer

Director Innovation, Ergon Informatik AG
Marc Buetikofer serves as Director Innovation and CTO for Airlock, a leading Swiss web application security suite provided by the company Ergon Informatik AG in Zurich. After joining Ergon Informatik in 2000 he provided numerous security engineering projects with his expertise before leading the development of Airlock IAM - one of the most used security solutions in Switzerland. Marc holds an M.Sc. in Computer Science from ETH Zurich.



Wednesday January 25, 2017 3:00pm - 3:50pm
Terrace Lounge
