Відео

Hello😊

My brand account url dns is not working

Great explaination

Way to go, Allison! Thanks for breaking down these concepts while adding in a Rick-Roll to boot!

21:47 "Phising defences: does not require human judgement" Yes lets hid the information so the user can't see it.

Hiding the HTTPS:// part Sounds like bullsh*t to me. It was "Emily Schechter" and now it is "Emily Stark" at it who wants to dumbed it down feven urther with just showing the search term. I have seen fake payment portals still get around the certificates and was maked safe.

Outstanding presentation, thanks a lot.

02:07 the URLelephant in the room 03:38 scheme is supposed to represent connection security 05:08 scheme

22:50 I don't how hard can it be to send an API's authorization header only to the API that the token belongs to. Couldn't we ignore Angular if it makes stuff so hard? Calling the endpoint with proper headers using Vanilla.js Fetch API is pretty straightforward.

I saw the OWAZP demonstration on youtube and it is very informative. I am new to security testing as my experience is in software development. I have a question regarding OWAZP dependency check. Should we execute the OWASP dependency check on published dlls/binaries or on actual project files Consider the following two scenarios? I have a .Net core project. The actual source code containers .csproject and .cs files. But if we publish, we will get a folder with dlls only which is going to be deployed in the IIS virtual directory. The virtual directory is the one that is going to be exposed to the external world. I have an angular project and in that, a lot of npm modules are installed. But if we publish, we will get a small subset of javascript files which is going to be deployed in a web server. In both cases, if we run the dependency check, we will get a lot of warning/issues in reports. So my question, where exactly should we execute our scan? In the original repository or the output binaries? What will be rational for the decision? It will be great if I could get some pointers in this as I couldn't find any answer in stack overflow or similar blogs. Thanks in advance.

we really probably should talk about the DNS Empire at some point, would love to hear Emily's thoughts

In this presentation Philippe clears a confusing concept of reference token and self contained token flows

Keep it up, great video! Did you ever see zmsocial`dot’com!? You should use it to help get your videos higher in the search results!

Can't hear you!

Dear Sir, Any slides related to this presentation?

This was hella interesting. Thanks a lot to Troy for linking this!

"Application developers should use a lockfile (package-lock.json or yarn.lock) to prevent the auto-install of new packages." - one of the recommendations from ESlint breach. Even if it's a pull request it will be too hard to find the 1 line of code that caused it before committing to master.

Great presentation. Troy is a great speaker.

Amber Rudd and Malcom Turnbull in Australia haven’t got a fucking clue how encryption works or how tech works at all... I’m waiting for the day the try to force Apple (like the FBI tried ) and told the to fuck off

Great talk Dev!