Speaker

Ben Dechrai

Head of Developer Relations

Kansas City, Missouri, United States

Ben Dechrai is a technologist with a strong focus on security and privacy, recognised as an MVP for his exceptional contributions to the community. From writing code at 11 years old to prevent his parents from breaking the family PC, to leading developer relations at Arcjet, Ben empowers developers to build safer applications through better security and coding practices. With over two decades of experience in software engineering, security, and architecture, Ben is a published author, and has consulted for companies and investors across numerous industries. He is deeply involved in the tech community, running technology conferences and workshops to share his expertise. Offstage, Ben enjoys travelling the world with his wife and engages with fellow tech enthusiasts through his project, hallway.social.

Area of Expertise

  • Information & Communications Technology

Topics

  • IoT
  • Security and IoT
  • Security
  • Application Security
  • Web Security
  • API Security
  • Identity
  • Identity Management
  • Identity and Access Management

Ten Key Steps for Enhanced Web App Security

This talk provides developers with a strategic approach to bolstering web application security. It focuses on key areas including securing client-side code, ensuring data integrity, and protecting against web vulnerabilities.

Through practical advice and live demonstrations, attendees will learn how to implement effective security practices across their applications, from managing external data sources to safeguarding user interactions.

Join us, and elevate your frontend security game against the backdrop of today's cyber threats.

Reverse Engineering with GenAI

Generative AI is all the rage. It'll write your tests for you, and then the code to satisfy your tests! Sure, that's a panacea, and it's not quite as amazing as profits-focused boards of directors would like, but it's certainly a great tool in every developer's toolbelt.

And yet, a tool is just a tool, and it can be used for good, and for bad. In this session, we're going to look into the ways in which GenAI can be used to help reverse engineer security algorithms.

Take, for example, a company that provides physical documents to prove ownership of an asset and uses a checksum as a security feature rather than just a data integrity check. How hard is it to determine the algorithm based on a limited data set? Whether by brute force or mathematical genius, it's a tall order for most human brains.

Let's examine a sample dataset, discover some tools at our disposal, and look at ways in which they can be used to reproduce the code your organisation might use to keep users safe.

Hacking JWTs

Dive deep into the world of JSON Web Tokens (JWTs) as we uncover their hidden mysteries. Despite their trusted use by APIs and databases, these data packages aren't without vulnerabilities. Join us on an enlightening journey filled with live demos, where we'll expose weaknesses that can compromise their reliability.

Equip yourself with practical knowledge and tools to fortify your digital defenses. Our goal is to ensure the trustworthiness of these crucial data carriers, empowering you to protect your systems from unexpected threats.

Explore the intriguing landscape of "Hacking JWTs," where we shed light on complexities and provide you with the expertise to secure your digital world.

Is Application Security an Illusion?

The first worm in cyberspace wasn't just quietly roaming the digital frontier – it was a wake-up call to security issues. Its benign intentions famously backfired, bringing the early Internet to its knees for days!

Fast forward to today, and the cyber landscape is a thriller with a plot that thickens daily. From targeting elections to threatening entire democracies, malicious attacks have taken centre stage in our global narrative!

It's tempting to view this as a dystopian tech saga, where the odds are stacked against us – a world where a thousand rights are overshadowed by a single wrong, a solitary vulnerability. Sounds like a nail-biter, doesn't it?

But let's flip the script and look at the reality. I'm here to lead you through a story of resilience and preparedness, a tale where we're not just bystanders but heroes in our own right. Join me in unravelling why this cyber challenge is not just another cliffhanger but a saga we're well-equipped to conquer and discover how YOU are a key character in this epic cybersecurity adventure.

Build your own Secure Messenger

You've written a blog in 5 minutes, but what about a secure, encrypted communications application?

This workshop will get you started with a simple static site, and iteratively build it up to become an end-to-end encrypted chat platform.

You'll learn how to get started quickly with various cloud services for authentication, data storage, and data retrieval, add encryption layers to the system, design data structures that won't leak metadata, and even provide mechanisms for plausible deniability.

Participants will benefit from having a moderate understanding of consuming APIs and be comfortable understanding JavaScript.

The State of Authentication: Are Passwords Dead Yet?

As both technology and adversarial attacks evolve, the way we authenticate ourselves online becomes increasingly critical – and intriguingly, more invisible with advances like IMFA.

In this talk, we will embark on a journey through the history of credentials, beginning with the humble password. We'll uncover the quirky and creative ways in which people have enhanced security practices around storing and managing credentials, tackled phishing attacks, secured single-page apps, and addressed the age-old problem of the post-it note.

Concluding our exploration, we'll delve into concrete examples of WebAuthn and Passkeys, and how they, along with invisible MFA, offer improved security and user experience. Join us for an engaging session where learning about digital security is as entertaining as it is essential!

Write your own Databaseless Web Store in Hours

A decade ago, it would have taken days to spin up a new website. Want identity and payment functionality? Make that weeks.

Using open-source tools and cloud services means we can run faster and with more confidence. We can launch a minimal viable product based on years of well-tested code in mere hours.

In this workshop, we'll create a new React JS single-page application, host it and some lambda functions on Netlify, and add Auth0 and Stripe to handle the vast majority of the functionality. No additional database will be required to get this fully functional web store up and running!

Fine Grained Authorisation with Relationship-Based Access Control

Who can tag me in a post? If I move this file to another folder, who now has access? If my owner breaks up with his friend, will I still get a bone?

Whether you're a human or a dog, let's face it, authorisation is hard. Role-based access control is a great starting point but hard to scale. Attribute-based access control scales better, but neither is much good at answering more complex conditions, like whether friends-of-friends can read your posts, or knowing if your dental hygiene is going to suffer. For such situations, we generally have to wrap this up into business logic.

This is where relationship-based access control (ReBAC) comes in, offering a nuanced approach to accessing resources without codifying that into the applications.

In this session, we'll look at how to define these relationships, experience live demos, and discover how we can deploy our own fine-grained authorisation service. Expect some tail-wagging insights and a few laughs as we explore access control from a canine's point of view.

KCDC 2023 Sessionize Event

June 2023 Kansas City, Missouri, United States

NDC Oslo 2023 Sessionize Event

May 2023 Oslo, Norway

NDC Sydney 2022 Sessionize Event

October 2022 Sydney, Australia

NDC Melbourne 2022 Sessionize Event

June 2022 Melbourne, Australia

DDD Perth 2021 Sessionize Event

August 2021 Perth, Australia

NDC Sydney 2019 Sessionize Event

October 2019 Sydney, Australia
