Jump to navigation Jump to content
© Mapbox, © OpenStreetMap

Most Active Speaker

Ben Dechrai

Ben Dechrai

Disaster Prevention Officer

Kansas City, Missouri, United States

Actions

Ben Dechrai is a technologist with a strong focus on security and privacy, recognised as an MVP for his exceptional contributions to the community. Known for his ability to distil complex technical concepts into engaging, digestible portions, Ben empowers developers through a deep understanding of design principles, security considerations, and coding practices. With over two decades of experience in software engineering, security, and architecture, Ben is a published author and has consulted for companies and investors across numerous industries. He is deeply involved in the tech community, running technology conferences and workshops to share his expertise.

Links

Awards

Area of Expertise

  • Information & Communications Technology

Topics

  • IoT
  • Security and IoT
  • Security
  • Application Security
  • web security
  • api security
  • Identity
  • Identity Management
  • Identity and Access Management

Sessions

Build Local-First Apps For The Right Reasons, Securely

In an always-connected world, it's easy to forget that not all users have reliable internet. Rural communities, traveling workers, and developing regions all need apps that work offline. Building local-first applications isn't just a technical choice - it's about making your software accessible to everyone.

But local-first brings complexity across all platforms. Web apps need to handle service workers and cache invalidation securely. PWAs must manage sensitive data across multiple storage mechanisms. Native apps face synchronisation and key management challenges. Each platform introduces unique security considerations that go far beyond simple data encryption.

Through examples and live demonstrations across web, PWA, and native platforms, we'll explore the security landscape of offline-capable apps. You'll see how different platforms handle local storage, where the security boundaries blur, and how to build robust solutions that work everywhere. From secure sync protocols to proper key management, from cache poisoning defences to secure state management, you'll learn patterns that scale across your entire application ecosystem.

Building Rock-Solid Encrypted Applications

Building secure applications requires more than just adding encryption. Through live demos and real-world examples, we'll explore how to properly implement security features like end-to-end encryption, perfect forward secrecy, and secure device migration. You'll see how to protect both data and metadata, at rest and in transit, and learn about the common pitfalls that can compromise seemingly secure systems.

Using a chat application as our example, we'll walk through the evolution from basic encryption to a robust security system. We'll examine how real-world applications handle key management, protect against traffic analysis, and manage secure device enrollment. You'll learn the architectural patterns that make applications truly secure at scale.

Whether you're building a messenger, a document store, or any application that needs to protect user data, you'll leave with practical knowledge of how to implement encryption correctly and make informed security decisions in your own projects.

AI Killed Your Privacy Tools

Your carefully crafted data anonymisation techniques are obsolete. Modern AI models can reconstruct identifiable patterns from 'anonymised' data, breaking privacy guarantees you thought were solid. Through theory and live demonstrations, we'll explore how traditional privacy approaches fall short in an AI-first world, and what practical steps you can take today.

You'll learn why common anonymisation techniques fail, understand core privacy-preserving principles, and see real implementations that better protect user data. We'll explore modern privacy techniques like differential privacy and federated learning, focusing on practical approaches you can implement now. You'll leave with both the knowledge to assess privacy vulnerabilities and concrete tools to address them.

Key takeaways:

- Understanding how AI breaks traditional privacy approaches
- Core principles of privacy-preserving design
- Practical implementation techniques through live demos
- Immediate actions to improve data privacy

Ten Key Steps for Enhanced Web App Security

This talk provides developers with a strategic approach to bolstering web application security. This talk focuses on key areas including securing client-side code, ensuring data integrity, and protecting against web vulnerabilities.

Through practical advice and live demonstrations, attendees will learn how to implement effective security practices across their applications, from managing external data sources to safeguarding user interactions.

Join us, and elevate your frontend security game against the backdrop of today's cyber threats.

Is Application Security an Illusion?

The first worm in cyberspace wasn't just quietly roaming the digital frontier – it was a wake-up call to security issues. Its benign intentions famously backfired, bringing the early Internet to its knees for days!

Fast forward to today, and the cyber landscape is a thriller with a plot that thickens daily. From targeting elections to threatening entire democracies, malicious attacks have taken centre stage in our global narrative!

It's tempting to view this as a dystopian tech saga, where the odds are stacked against us – a world where a thousand rights are overshadowed by a single wrong, a solitary vulnerability. Sounds like a nail-biter, doesn't it?

But let's flip the script and look at the reality. I'm here to lead you through a story of resilience and preparedness, a tale where we're not just bystanders but heroes in our own right. Join me in unravelling why this cyber challenge is not just another cliffhanger but a saga we're well-equipped to conquer and discover how YOU are a key character in this epic cybersecurity adventure.

Fine Grained Authorisation with Relationship-Based Access Control

Who can tag me in a post? If I move this file to another folder, who now has access? If my owner breaks up with his friend, will I still get a bone?

Whether you're a human, or a dog, let's face it, authorisation is hard. Role-based access control is a great starting point but hard to scale. Attribute-based access control scales better, but neither are much good at answering more complex conditions, like whether friends-of-friends can read your posts, or knowing if your dental hygiene is going to suffer. For such situations, we generally have to wrap this up into business logic.

This is where relationship-based access control (ReBAC) comes in, offering a nuanced approach to accessing resources without codifying that into the applications.

In this session, we'll look at how to define these relationships, experience live demos, and discover how we can deploy our own fine-grained authorisation service. Expect some tail-wagging insights and a few laughs as we explore access control from a canine's point of view.

Building Rock-Solid Encrypted Applications (Workshop)

Building secure applications requires more than just adding encryption. Key management, metadata protection, and traffic analysis defences are just some of the challenges you'll need to tackle. This workshop takes you from basic encryption to advanced protection mechanisms. You'll learn how to secure data both at rest and in transit, implement perfect forward secrecy, and handle secure device migration.

Through practical implementations and architectural deep-dives, you'll learn the patterns and practices that make applications truly secure. We'll focus on real-world security engineering, emphasising approaches that work at scale.

You'll learn:
- Basic end-to-end encryption setup
- Group encryption fundamentals
- Metadata protection techniques for data at rest
- Traffic analysis protection and metadata in transit
- Perfect forward secrecy and key rotation
- Secure device migration approaches
- Key management best practices

Through a combination of hands-on implementation and architectural theory, you'll end the workshop having built a working encrypted application and gained the knowledge to make informed security decisions in your own projects.

Prerequisites
Familiarity with JavaScript and basic API consumption. Experience building web applications is helpful but not required.

What to bring
You'll need a laptop with a modern web browser. The workshop is designed to run in a cloud environment using Gitpod, removing the need for local setup. However, if you prefer working locally, you can use any environment with Node.js 20 or later, a code editor (VS Code recommended), and Git installed.

Optional:
- Basic understanding of public key cryptography
- Experience with Next.js or similar full-stack frameworks

Events

KCDC 2023 Sessionize Event

June 2023 Kansas City, Missouri, United States

NDC Oslo 2023 Sessionize Event

May 2023 Oslo, Norway

NDC Sydney 2022 Sessionize Event

October 2022 Sydney, Australia

NDC Melbourne 2022 Sessionize Event

June 2022 Melbourne, Australia

DDD Perth 2021 Sessionize Event

August 2021 Perth, Australia

NDC Sydney 2019 Sessionize Event

October 2019 Sydney, Australia

Ben Dechrai

Disaster Prevention Officer

Kansas City, Missouri, United States

Links

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top