Wednesday 

Room 3 

16:20 - 17:20 

(UTC+01

Talk (60 min)

Secure System Integrations

Integration between backend services, without human interaction, is a requirement for most businesses.

Application Security
Architecture

Over the years this has been done in many ways, using e.g. file transfers, message buses and APIs to fit business requirements, compliance and relevant threat models. Some solutions are less secure than others, and integrations often introduce risk and attack vectors.

This presentation addresses infrastructure and application layer defenses to meet high security requirements for common types of integrations, in particular for HTTP APIs: from HTTPS, API keys and Basic Authentication to OAuth2 with mutual TLS, Private Key JWT and DPoP.

Tobias Ahnoff

Tobias Ahnoff is an experienced .NET developer and architect with a focus on application security. He specializes in implementing authentication flows and authorization for web applications and APIs that manage sensitive data in the banking, finance, and health sectors.

Tobias performs security reviews and penetration tests as part of Omegapoint Cybersecurity Gothenburg, a group of experts in application security. He also gives courses in application security and is an appreciated speaker on OAuth2 and OpenID Connect.