Securing Your Ecosystem (FOWA Las Vegas 2011)
Raffi Krikorian
1.
Securing your ecosystem
@raffi http://www.flickr.com/photos/mklingo/
2.
Speaking at @fowa!
Let’s talk about securing ecosystems & let’s talk @twitterapi!
29 Jun via Twitter for iPhone from Meet, Las Vegas, 233 South 4th Street, Las Vegas, Nevada 89101
3.
4.
>660K Developers on @twitterAPI
5.
>900K Apps + the official ones
6.
>200M users on @twitter
7.
8.
Users are paramount
http://www.flickr.com/photos/ilya/
9.
Users need 2 things protected
⇢ identity
⇢ data
http://www.flickr.com/photos/ilya/
10.
Security is hard to bolt on “later”
http://www.flickr.com/photos/ragzrejected/
11.
Govern your ecosystem
http://www.flickr.com/photos/mr_t_in_dc/
12.
13.
Case study in @twitterAPI
14.
We used to be basic auth
15.
raffi ← Username
: totallysecure ← Password
16.
Base64(raffi:totallysecure)
cmFmZmk6dG90YWxseXNlY3VyZQ==
17.
GET /secure HTTP/1.1
Host: localhost
Authorization: Basic cmFmZmk6dG90YWxseXNlY3VyZQ==
18.
The password antipattern
19.
OAuth
20.
The carrot
21.
Further protect our users
⇢ mandate the use of OAuth
⇢ understand where our traffic is coming from
22.
This conversion was a challenge
23.
And... one more time, protect our users
⇢ break out a new permissions model
⇢ try to make it extremely clear to a user what apps are doing
24.
Be really really really (really) ∞ explicit
25.
Check back with me next year — I might be able to say how it went
26.
27.
What would I do if I were you?
⇢ forget basic auth!
⇢ go straight to OAuth 2
⇢ understand your “problem”
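Slides 15 to 18 make the point that a Basic header is only Base64 encoding, so any party that sees the request (a third-party app, a proxy, a log) recovers the user's password; slides 21 and 27 then say to measure where traffic comes from and move everything to OAuth. The following Python is an added example, not code from the talk or from Twitter: it parses raw HTTP requests, classifies the auth scheme of each, decodes any Basic credential to show what is exposed, and produces the per-scheme count a migration audit would track. The sample requests, the host api.example.test and the helper names (parse_headers, auth_scheme, decode_basic, audit) are constructed for this example; the first request mirrors slide 17.

```python
import base64
import binascii
from collections import Counter

# Constructed sample requests (not real traffic). The first one is the
# request shown on slide 17; the others use OAuth 1.0a and OAuth 2 Bearer.
SAMPLE_REQUESTS = [
    "GET /secure HTTP/1.1\r\n"
    "Host: localhost\r\n"
    "Authorization: Basic cmFmZmk6dG90YWxseXNlY3VyZQ==\r\n\r\n",
    "GET /1/statuses/home_timeline.json HTTP/1.1\r\n"
    "Host: api.example.test\r\n"
    'Authorization: OAuth oauth_consumer_key="k", oauth_signature="s"\r\n\r\n',
    "GET /2/me HTTP/1.1\r\n"
    "Host: api.example.test\r\n"
    "Authorization: Bearer example.opaque.token\r\n\r\n",
    "GET /public HTTP/1.1\r\n"
    "Host: api.example.test\r\n\r\n",
]


def parse_headers(raw):
    """Split a raw HTTP request into (request_line, {lowercased-name: value})."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def auth_scheme(headers):
    """Return the lowercased Authorization scheme ('basic', 'oauth', 'bearer') or 'none'."""
    value = headers.get("authorization")
    if not value:
        return "none"
    return value.split(None, 1)[0].lower()


def decode_basic(value):
    """Recover (user, password) from a 'Basic <base64>' value; None if malformed.

    This is the whole 'protection' Basic auth offers: Base64 is reversible
    by anyone holding the header, which is why the talk calls it the
    password antipattern when third-party apps collect user passwords.
    """
    scheme, _, payload = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    if not sep:
        return None
    return user, password


def audit(requests):
    """Count requests per auth scheme and list users still sent as Basic.

    The counts are what you would watch while mandating OAuth: the 'basic'
    bucket should trend to zero, and the exposed-user list tells you which
    accounts are still having their password handled by clients.
    """
    counts = Counter()
    exposed_users = []
    for raw in requests:
        _, headers = parse_headers(raw)
        scheme = auth_scheme(headers)
        counts[scheme] += 1
        if scheme == "basic":
            creds = decode_basic(headers["authorization"])
            if creds:
                exposed_users.append(creds[0])
    return counts, exposed_users


if __name__ == "__main__":
    counts, users = audit(SAMPLE_REQUESTS)
    print("requests by auth scheme:", dict(counts))
    print("users still authenticating with Basic:", users)
```

In a real migration the same classification would run over access logs rather than a list of constructed strings; the useful output is the trend of the "basic" bucket over time, not the decoded passwords, which an audit tool should never store.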
28.
Make sure to have the tools you need
http://www.flickr.com/photos/11872189@N00/
29.
Our Users
@taylorswift13
30.
31.
Questions?
Follow me: @raffi