
Behind Closed Doors: Managing Passwords in a Dangerous World


Formal Metadata

Title
Behind Closed Doors: Managing Passwords in a Dangerous World
Title of Series
Part Number
16
Number of Parts
169
Author
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Noah Kantrowitz - Behind Closed Doors: Managing Passwords in a Dangerous World

A modern application has a lot of passwords and keys floating around. Encryption keys, database passwords, and API credentials; often typed into text files and forgotten. Fortunately a new wave of tools is emerging to help manage, update, and audit these secrets. Come learn how to avoid being the next TechCrunch headline.

Secrets come in many forms: passwords, keys, tokens. All crucial for the operation of an application, but each dangerous in its own way. In the past, many of us have pasted those secrets into a text file and moved on, but in a world of config automation and ephemeral microservices these patterns are leaving our data at greater risk than ever before. New tools, products, and libraries are being released all the time to try to cope with this massive rise in threats, both new and old-but-ignored. This talk will cover the major types of secrets in a normal web application, how to model their security properties, what tools are best for each situation, and how to use them with major web frameworks.
Transcript: English (auto-generated)