18:30 Weds 1 September 2021: The OWASP Application Gateway (OAG)

[Immo Hüneke]

BCS Software Practice Advancement specialist group

======================================

SPA-358: The OWASP Application Gateway (OAG)

Session leaders: Patrick Steger, Gian-Luca Frei

When: Wednesday 1st September 2021, 18:30 - 20:00 BST

Where: GoTo Webinar

Price: Free

Booking Link: https://1september21spa.eventbrite.co.uk

Your confirmation email will provide the next step to enable you to access the meeting. 48 hours and 1 hour prior to the event, reminder emails will be sent to those registered, with the non-transferable URL needed to gain access. The session will probably be recorded. If you do not wish to feature in the recording, please keep your microphone muted and your camera off.

AGENDA

* from 6:00pm: log in, wait for meeting to begin

* 18:30-20:00 approximately: presentation

* 20:00-20:15 approximately: final questions and conclusion

Synopsis

Having many services exposed to the internet and letting them properly handle login and authentication is a non-trivial task for developers. Add basic security features like CSRF-prevention to this and you have a handful of work to do.

Enter OWASP Application Gateway (OAG). OAG acts as a reverse proxy for you and is able to handle OpenID Connect. It provides a central and controlled way to secure your application services.

In this talk the OWASP Application Gateway project leads will introduce you to OAG, explain its main features as well demo out-of-the-box usage and customization by integrating it in your own SpringBoot project.

About the presenters

Gian-Luca Frei is the initiator and leader of the OWASP Application Gateway project. Besides his open-source contributions, he is a security engineer at Zühlke in Bern. He has in-depth experience with systems with the highest security standards, such as e-banking portals and inter-banking payment protocols. In addition to his professional engagements, Gian-Luca has done research on modern cryptographic protocols for which he has received the ISSS Excellence Award 2019.

Padi Steger loves application security and software development. After more than 20 years in the industry he appreciates every opportunity to get his hands dirty. With OWASP Application Gateway he combines coding and security in what he thinks a pleasant way. He is OWASP Switzerland Chapter Lead and co-project lead of the OWASP Application Gateway. In his professional live he works as a Principal Consultant at Zühlke Engineering in Zürich for selected clients. He is CISSP (certified information systems security professional) und CCSP (certified cloud security professional).

------------------------------------------------------------------------

Registration has opened for the annual SPA conference - Software in Practice, which takes place online from 13-17 September 2021 (https://www.spaconference.org/). For technical reasons, it had to be postponed from the date advertised previously.

------------------------------------------------------------------------

BCS SPA Home Page - http://bcs-spa.org/

Meetings Schedule

London - http://bcs-spa.org/index.php?page=london-meeting-programme

Presentation materials from previous talks are available from the BCS SPA resources site: http://bcs-spa.org/resources.html

Also see YouTube playlist: https://www.youtube.com/playlist?list=PLKBhokJ0qd3_wlvr0j85YhmNfNj8ZJ8M-

------------------------------------------------------------------------

SPA London Meetings Programme Organiser -

Immo Huneke, Zuhlke Engineering Ltd. [mailto:Im...@Huneke.Co.UK]

------------------------------------------------------------------------

Forthcoming meetings: We're looking for volunteers to present or lead workshops on topics of interest to software practitioners. Please come forward with suggestions!

6 Oct 2021: SPA-359 Dr Stephen Castell - software defects and the Law

3 Nov 2021: SPA-360 AGM + topic TBD