2016 Speaker Proposal: Behind Closed Doors: Managing Passwords in a Dangerous World by Noah Kantrowitz

2016 Speaker Proposal: Behind Closed Doors: Managing Passwords in a Dangerous World by Noah Kantrowitz

Description

A modern application has a lot of passwords and keys floating around. Encryption keys, database passwords, and API credentials; often typed in to text files and forgotten. Fortunately a new wave of tools are emerging to help manage, update, and audit these secrets. Come learn how to avoid being the next TechCrunch headline.

Abstract

Secrets come in many forms, passwords, keys, tokens. All crucial for the operation of an application, but each dangerous in its own way. In the past, many of us have pasted those secrets in to a text file and moved on, but in a world of config automation and ephemeral microservices these patterns are leaving our data at greater risk than ever before.

New tools, products, and libraries are being released all the time to try to cope with this massive rise in threats, both new and old-but-ignored. This talk will cover the major types of secrets in a normal web application, how to model their security properties, what tools are best for each situation, and how to use them with major web frameworks.


Noah KantrowitzNoah Kantrowitz is a web developer turned infrastructure automation enthusiast, and all around engineering rabble-rouser. By day he builds tools and teaches, and by night he works with the Python Software Foundation infrastructure team. He is an active member of the Chef community, and enjoys merge commits, cat pictures, and beards.

Leave a Reply

Search
Archives
Calendar
August 2017
M T W T F S S
« Apr    
 123456
78910111213
14151617181920
21222324252627
28293031