Building Secure Password-less Web Applications using WebAuthn

Presented at Global AppSec - DC 2019, Sept. 12, 2019, 3:30 p.m. (45 minutes)

According to the 2019 Verizon Data Breach Investigation Report, 81% of breaches were caused by weak, stolen or reused passwords. But what if you NEVER had to deal with passwords in the first place? For the past several years, security experts across the industry have been working on a robust authentication protocol that does not involve passwords. The result is a specification called WebAuthn, which is now an official W3C web standard. With WebAuthn, developers can build secure web applications that enable users to experience password-less logins. In this session, we will explain how WebAuthn works and show how developers can leverage it using a demo.


Presenters:

  • Murali Vadakke Puthanveetil - Microsoft
    Murali Vadakke Puthanveetil works as a Security Engineer at Microsoft and is a previous speaker at AppSec USA. He is particularly interested in figuring out the authentication and authorization logic used by web applications.
  • Krishna Chaitanya Telikicherla - Microsoft
    Krishna Chaitanya Telikicherla works as a Security Engineer at Microsoft. He is passionate about application security, with a specific interest in static code analysis. He also loves to play around with security and identity controls in ASP.NET and Azure. Krishna blogs at https://novogeek.com and tweets as @novogeek.
