Account Security beyond 2FA with Neil Matatall
▬▬▬▬▬▬ EPISODE SPONSOR🔥 ▬▬▬▬▬▬
From Cloud security to DevSecOps. From Kubernetes to Threat Modeling. It's all your AppSec learning in one place. START A FREE TRIAL. AppSec Engineer Training Platform: https://bit.ly/ae_devslop
▬▬▬▬▬▬ 📝 ABSTRACT & BIO ▬▬▬▬▬▬
Account security shouldn’t stop at multi-factor authentication. A significant majority of people simply will not use it. Password hygiene is a task even security people struggle with. Credential stuffing attacks are a big problem for everyone. So why stop at MFA?
This talk will describe simple, repeatable things you can apply almost anywhere to put an end to automated mass account takeovers at scale.
NEIL MATATALL
Neil Matatall is a developer who has spent most of his career in application security. He has experienced a wide variety of company cultures, tech stacks, and company sizes. He has participated in, led, and managed engineering teams. His passion for coding helped him add an engineering aspect to security work. This includes being an early adopter of security automation, authoring library and framework code, enhancing authentication stacks, and more at GitHub and Twitter. Neil will soon work on the Authentication Authorization and Access Control team at ActBlue.
▬▬▬▬▬▬ 🔗 LINKS ▬▬▬▬▬▬
SLIDES: https://bit.ly/35dcTm0
➼https://github.blog/2018-07-31-new-improvements-and-best-practices-for-account-security-and-recoverability
➼https://www.theregister.com/2021/08/12/git_proxyshell_gigabyte/
➼Two factor enrollment data: https://docs.google.com/spreadsheets/d/1mN2TsBVNx2g2KX0yMDlRpLFHgeA9U-YWa9aWyaBdzxU/edit#gid=33824216
➼https://github.blog/changelog/2018-11-27-unrecognized-location-sign-in-notifications/
➼https://github.blog/changelog/2019-07-01-verified-devices/
➼https://developer.github.com/changes/2020-02-14-deprecating-password-auth/
➼https://github.blog/changelog/2020-12-04-oauth-2-0-device-authorization-flow-now-ga/
➼https://github.blog/2020-07-30-token-authentication-requirements-for-api-and-git-operations/
▬▬▬▬▬▬ 🎥 Producer ▬▬▬▬▬▬
Nancy Gariché ► https://www.linkedin.com/in/nancygariche
▬▬▬▬▬▬ 🎙️Hosts ▬▬▬▬▬▬
Nikki Becher ► https://twitter.com/thedeadrobots
Shinesa Cambric ► https://www.linkedin.com/in/shinesa-cambric-cissp-ccsp-cisa%C2%AE-0480685/
Sri Ponnada ► https://twitter.com/sriponnada
▬▬▬▬▬▬ 👋 Connect with Us ▬▬▬▬▬▬
TWITCH ► https://www.twitch.tv/owasp_devslop
INSTAGRAM ► https://www.instagram.com/owaspdevslop/
TWITTER ► https://twitter.com/owasp_devslop
DISCORD ► https://discord.gg/2KzCRcUyek
LINKEDIN ► https://www.linkedin.com/company/owasp-devslop/