The part that talks about spoofing a ship's GPS signal really made me think of the Key Bridge incident. I'm not saying it was hacked, but the fact that it's possible is mind-boggling.
@DominusEstOK (28 days ago)
Great talk by 4 great people. I'm fortunate to know Aubrey for years and have met with Cameron and Dan and looking forward to meeting Corey some day. Thanks for putting this content out, well worth my time.
@shanescad2384 (28 days ago)
Thanks for sharing! However, do you have a tutorial which implements the Backend For Frontend (BFF) framework with Authorization Code with PKCE in addition to this tutorial? It is unsafe to store an access token in the browser.
@JangapallyPavani-ri9wp (1 month ago)
Actually, you've been publishing videos for the past 9 years, and you're still posting them today. You don't have many subscribers, but you're incredibly strong and patient.
@MayKongphrom (1 month ago)
That's the reason why a WAF and an API gateway are never enough...
@advanology1944 (1 month ago)
how to login and owasp mail password
@orochi6329 (24 days ago)
?
@shikida (1 month ago)
Excellent insights in this presentation, thanks for sharing.
@tombalabomba3084 (1 month ago)
I don't agree with the conclusion of this talk. The whole point of BFF and HTTP-only auth cookies is to prevent an attacker that has gained access to execute JS code through an XSS attack from stealing the auth token from your storage and thereby executing requests on your behalf. If an attacker has managed to successfully gain access, he can execute API calls directly from the client's browser with or without a BFF.
@MrMaefiu (1 month ago)
superb! you guys are awesome! Keep up the good work!
@light9017 (1 month ago)
One question: does anyone know the webuy0day website or something like it? (Relax, I'm just asking 😅😅😅)
@jamescheng1216 (2 months ago)
One of the worst presentations I've ever seen!
@jamescheng1216 (2 months ago)
I couldn't read anything on the screen. It should be presented in full-screen mode, because that's the important part.
@user-xy3pr3ee5s (2 months ago)
Awesome. But it's been almost 4.5 years; when can we expect this as open source? :(
@shubham_srt (2 months ago)
Thanks :)
@norsie45 (2 months ago)
How did you find that password?
@Douglas_Gillette (2 months ago)
Great conversation.
@btdoe3259 (2 months ago)
FIDO2 with keys and credentials generated by the user himself/herself is more private, and you don't need to give up your face, phone number, email, etc. Great!
@neilfpv (2 months ago)
In a non-cloud setup, like a dedicated nginx server, can we integrate Coraza?
@zufar_dhiyaulhaq (1 month ago)
I suggest replacing nginx with Envoy; it's much easier to integrate.
@jbodden6977 (3 months ago)
I JUST WANT TO GET INTO MY DAMN CAR WITHOUT PAYING 500 BUCKS FOR A KEY!!!
@haythamkt5607 (3 months ago)
The more I watch this man's videos the more I respect him.
@JohnWalker-256 (3 months ago)
Legends without cars are watching ❤❤
@xperseai (3 months ago)
But most of all, Samy is my hero.
@rapha5586 (3 months ago)
Super clean and to the point. Thanks!
@michelians1148 (3 months ago)
👀
@Pem7 (3 months ago)
Still rocks🤞
@osematouati2430 (4 months ago)
Thanks a lot, great explanation.
@shubham_srt (4 months ago)
What if cookies are set to Lax but Access-Control-Allow-Credentials is being sent as true? As Lax does not allow cookies to be set in XHR requests, how will the cookies be sent?
@somebody3014 (1 month ago)
Wondering about the same thing, did you find the answer?
@shubham_srt (1 month ago)
@somebody3014 Hey man, Lax settings are prioritised. Even if one condition is false, the cookies are not sent. So in my question, cookies will not be sent: even though Allow-Credentials is true, the cookies are Lax (one true condition and one false), so no cookies will be sent. Hope that clears the doubt.
@kaybuellmann1293 (4 months ago)
Promo_SM
@evapaz6310 (4 months ago)
Blessing
@KLWCOMM (4 months ago)
All well said - how about some suggestions on how to protect yourself from key fob attacks? A simple one is to shield the key fob with a simple Faraday cage, such as aluminum foil, while at home or in the parking lot, if it comes to that.
@luispereira628 (5 months ago)
Excellent keynote!
@diffiller (5 months ago)
Can you please provide the link to the mentioned web series?
@digitechwebsource (5 months ago)
Super
@venkatraohyd (5 months ago)
Nice and great explanation ❤
@doesitmatter9085 (5 months ago)
Your keynote speaker, Jackie Singh, was fired from the Biden Administration for her history of racist and homophobic troll posts made while a member of the White supremacist group GNAA. She was also alleged to have engaged in sexual activity with minors and sent them nudes in exchange for help in her "hacking", she doxxed the identity and location of a 13 year old girl ( Loli Chan) putting her in danger from predators because she was jealous of the attention she was getting, and she is currently living in Puerto Rico, where she is hiding from her hundreds of thousands of dollars in debt to the IRS and other creditors.
@Amfortas (5 months ago)
Explain why you hosted Jackie Singh please, a literal known troll and racist debt fraudster? Oh I'm sure she'll just tell you we're "trolls". Quite convenient. Do your research.
@cp_200 (5 months ago)
He is high, pretty sure.
@AAA-rk2fj (5 months ago)
Thank you
@nurmuhammetallanov9180 (5 months ago)
Can you please show a full video of setting up Coraza with the Core Rule Set on a Go web app.
@zufardhiyaulhaq146 (4 months ago)
I guess it's all in the video, what do you need more?
@nurmuhammetallanov9180 (4 months ago)
@zufardhiyaulhaq146, well, try to set it up, then you'll understand my kind request.
@arkhantheblack4426 (5 months ago)
NO OWASP LITTLE BABY CHILD!!! YOU WILL LET ME COMMENT ON THE JACKIE VIDEO CHILD OR YOU WILL GO TO PRISON FOR THE CYBERCRIME OF ATALKING! ENJOY PRISON STALKER!
@n0pe578 (5 months ago)
You guys really didn't even do an ounce of research on old Jackie before giving her a spot at the conference, huh? Pretty ironic.
@jonnygiantrobot (5 months ago)
This video is from 9 years ago; do you have an updated video? Maybe something that's more recent, like 2023?
@jonnygiantrobot (5 months ago)
You talked about Android and iPhone; what about a phone that has GrapheneOS installed on it?
@RR-hl6zi (5 months ago)
That intro was headache-inducing, but I love the talk. :)
@gustabart (5 months ago)
Great explanation, thanks! I don't understand why using a BFF is safer. An attacker could still steal the browser's cookies and compromise the system. That is, it indirectly continues to use the tokens.
@officialJoldag (5 months ago)
I think it's because you are able to set the cookie with HttpOnly, so it is not accessible via scripts.
@jaymelv4647 (5 months ago)
Hey, I just watched one of your videos and in it you speak about a toy called the IM-ME. Any chance you have a spare one to send to the UK, please?