Presented at
AppSec USA 2015,
Sept. 24, 2015, 10:30 a.m.
(55 minutes).
In this presentation, we will provide the OWASP audience the necessary insights in this emerging Web technology, and discuss the various security aspects of WebRTC. This content is based on a recent study of the Web Security specifications the author has been conducting together with researcher from W3C, IETF and SAP.
Firstly, the overall WebRTC architecture will be presented, and the enabling technologies (such as STUN, TURN, ICE and DTLS-SRTP) will be introduced. This architecture will be illustrated in multiple deployment scenarios. As part of this description, the basic security characteristics of WebRTC will be identified.
Secondly, we will discuss how the new WebRTC technology impacts the security model of the current Web. They will highlight some of the weaknesses they have spot during their security assessment, as well as discuss the open security challenges with the WebRTC technology.
Presenters:
-
Lieven Desmet
- Research Manager - imec-DistriNet-KU Leuven
Lieven Desmet is Research Manager on Software Secure at the imec-DistriNet Research Group (KU Leuven, Belgium), where he coaches junior researchers in web application security and participates in dissemination and valorization activities. His interests are in security of middleware and web-enabled technologies. Lieven is actively engaged in OWASP and is board member of the OWASP Chapter Belgium.
-
Martin Johns
- Research Expert - SAP SE
Dr. Martin Johns is a Research Expert in the Product Security Research unit within SAP SE, where he leads the Web application security team. Furthermore, he serves on the board of the German OWASP chapter. Before joining SAP, Martin studied Mathematics and Computer Science at the Universities of Hamburg, Santa Cruz (CA), and Passau. During the 1990ties and the early years of the new millennium he earned his living as a software engineer in German companies (including Infoseek Germany, and TC Trustcenter). He holds a Diploma in Computer Science from University of Hamburg and a Doctorate from the University of Passau. Martin has a track record of 8+ years applied WebAppSec research, published more than 20 papers on the subject, and is a regular speaker at international security conferences, incl. the OWASP AppSec series, Black Hat, Usenix Security, CCS, PacSec, HackInTheBox, RSA Europe, or the CCC Congress. More information can be found at http://martinjohns.com
Links:
Similar Presentations: