Join 4,000+ technologists, decision makers and community members in Raleigh, NC

October 13 - 15


Security

2-for-1: An Introduction to PASETO Tokens / Don’t Ignore those GitHub Security Alerts. Automate them into your workflow.

Speakers: Randall Degges, Rosalie Bartlett

Randall Degges – An Introduction to PASETO Tokens – (Introductory/Intermediate)

JSON Web Tokens (JWTs) have become ubiquitous in the web authentication landscape over the last four years. In this talk, I’ll introduce you to their successor: PASETO (Platform-Agnostic Security Tokens).

PASETO takes the best parts of the JWT spec and removes the rest. It is a much simpler, more secure, and easier-to-use alternative to JWT that makes cryptographers happy and reduces risk for developers like you.

In this talk you’ll learn what PASETO tokens are, how they work, and how to use them in your applications.

Rosalie Bartlett – Don’t Ignore those GitHub Security Alerts. Automate them into your workflow.

Open source projects are vulnerable to exploits just like any other code. Recent high-profile vulnerabilities in open source code, including Moment.js, Lodash, and PostgreSQL, have shown how the quality of a dependency can affect the security of the production systems built on it. GitHub now surfaces security alerts for known-vulnerable dependencies in your repositories. How can you connect the dots to make your use of open source secure?

This talk will highlight some best practices that your Open Source Program Office (OSPO) can use to manage security vulnerabilities for open source projects using GitHub’s security alerts at scale. We’ll discuss the mechanics and governance around the process we’ve set up at Verizon Media to notify internal employees about CVEs on their projects.