Cant see the slides

Okay thanks

The part where talks about spoofing a ship's gps signal really made me think of the Key bridge incident. I'm not saying it was hacked, but the fact that it's possible is mind boggling.

Great talk by 4 great people. I'm fortunate to know Aubrey for years and have met with Cameron and Dan and looking forward to meeting Corey some day. Thanks for putting this content out, well worth my time.

Thanks for sharing! However do you have a tutorial which implements Backend For Frontend (BFF) framework with Authorization code with PKCE in addition to this tutorial? It is unsafe to store access token on browser.

Actually, you've been publishing videos for the past 9 years, and you're still posting them today. You don't have many subscribers, but you're incredibly strong and patient.

That's the reason why WAF and API Gateway are never be enough.....

how to login and owasp mail password

excellent insights in this presentation, thanks for sharing

I don't agree with the conclusion of this talk. The whole point of BFF and http-only auth cookies is to prevent an attacker that has gained acces to execute js code through an xss attack, to steal the auth-token from your storage and thereby execute requests on your behalf. If an attacker has managed to sucessfully gain access, he can execute api calls directly from the clients browser with or without bff.

superb! you guys are awesome! Keep up the good work!

1 question Have anyone know webuy0day website or something (relax I just asking😅😅😅)

one of the worst presentation ever seen!

couldn't read anything on the screen. should present it in full screen mode because that's the important part

Awesome. But It's almost 4.5 years, when can we expect this as Open Source :(

Thanks :)

how did you find that password?

Great conversation.

FIDO2 with keys and credentials generated by the user himself/herself is more private and you don't need to give up your face, phone number or email etc. Great!

In non-cloud, like a dedicated nginx server, can we integrate coraza?

I JUST WANT TO GET INTO MY DAMN CAR WITHOUT PAYING 500 BUCKS FOR A KEY!!!

The more I watch this man’s videos the more I respect him.

Legends without cars are watching ❤❤

but most of all samy is my hero

Super clean and to the point. Thanks!

👀

Still rocks🤞

Thanks a lot, great explanation

what if Cookies are set to lax but Access Control Allow Credentials is being sent as true. As Lax does not allow cookies to be set in XHR requests. how will the cookies be sent?

Promo_SM

Blessing

All well said - how about some suggestions on how to protect yourself from key fob attacks? A simple one is to shield the key fob with a simple faraday cage, such as an aluminum foil, while at home or in the parking lot, if it comes to that.

Excellent keynote!

can you please provide the link to the mentioned web series?

Super

Nice and great explanation ❤

Your keynote speaker, Jackie Singh, was fired from the Biden Administration for her history of racist and homophobic troll posts made while a member of the White supremacist group GNAA. She was also alleged to have engaged in sexual activity with minors and sent them nudes in exchange for help in her "hacking", she doxxed the identity and location of a 13 year old girl ( Loli Chan) putting her in danger from predators because she was jealous of the attention she was getting, and she is currently living in Puerto Rico, where she is hiding from her hundreds of thousands of dollars in debt to the IRS and other creditors.

Explain why you hosted Jackie Singh please, a literal known troll and racist debt fraudster? Oh I'm sure she'll just tell you we're "trolls". Quite convenient. Do your research.

He is high, pretty sure.

thank u

Can you please show full video of setting up a Coraza with coreruleset on go web app.

NO OWASP LITTLE BABY CHILD!!! YOU WILL LET ME COMMENT ON THE JACKIE VIDEO CHILD OR YOU WILL GO TO PRISON FOR THE CYBERCRIME OF ATALKING! ENJOY PRISON STALKER!

You guys really didn't even do an ounce of research on old Jackie before giving her a spot at the conference, huh? Pretty ironic.

This is video is 9 years ago do you have an updated video? Like maybe something thats more recent like 2023?

You talked about android and iphone, what about a phone that has GRAPHINE OS installed on it?

That intro was headache inducing, but I love the talk. :)

Great explanation, Thanks! I don't understand why using BFF is safer. An attacker could still steal the browser's cookies and compromise the system. That is, it indirectly continues to use the tokens.

hey. just watched one of your videos and in it you speak about a toy called im me. any chance you have one spare to send to the uk please.