The Melbourne Identity and Security Meetup is an informal evening open to all. We start with food, drink, and mingling, followed by two talks. The evening ends with a networking session at a local venue.
Please arrive at about 6.00pm for a 6.30pm start.
We value diversity and operate a strict code of conduct, for the comfort of all our members.
## Combating CSRF Attacks: A bird's-eye view - Tharindu Edirisinghe
Cross-Site Request Forgery (CSRF) is an attack outlined in the OWASP Top 10 in which a malicious website tricks a user into sending unintended requests to a web application where the user is already authenticated, accessing functionality in the target web application via the victim's browser. Regardless of how strong the authentication mechanisms used in web applications are, exploiting a CSRF vulnerability would allow attackers to gain access to the systems and cause severe damage. It is therefore crucial that modern web applications be resilient to such attacks. During this session, we will look at identifying CSRF vulnerabilities, exploiting them, and fixing them using proven security architectural patterns.
Tharindu is a PhD research scholar at La Trobe University, working on designing privacy-focused software engineering processes for General Data Protection Regulation (GDPR) compliance. Prior to that he worked at WSO2, developing the open source WSO2 Identity Server product and also serving as a lead in the Platform Security Team. He is a co-founder of Colombo White Hat Security Meetup, the largest cyber security and IAM meetup in Sri Lanka with 1000+ participants.
## All The Flows - Ben Dechrai
What's the difference between Authcode Flow and Implicit Flow? Why can you do Authcode with and without PKCE? What is Device Flow? And Client Credentials Flow? OAuth and OpenID Connect provide a number of ways to manage authentication and authorisation, and this talk breaks the main ones down.
Ben Dechrai is a technologist with a staunch focus on security and privacy. This started at the age of 11, when he wrote software to stop his mum from breaking the family PC, and resulted in his working as a developer advocate for Auth0. He enjoys helping developers find the joy of experimentation, from ethical skulduggery to subversive automation, and can be found on Twitter and Instagram at @bendechrai.