Ben de Haan and Jeroen Willemsen - How to (not) Use Secrets with OWASP WrongSecrets
Abstract
If you want to bring an app to production, you need to know where to put your secrets and how to access them safely. In this session, we’ll go into how to not use secrets with a purposefully vulnerable application. We hope you’ll take this knowledge and not make the same mistakes in your own app. Of course, you’ll also learn a thing or two on how to do secrets management properly. Alternatively, you can use this app to teach others!
Biography
Ben de Haan
I am a Freelance Security Consultant and engineer, and co-project lead of OWASP WrongSecrets. My specialties are security in application development/SRE and cloud. Outside of regular work, I like to spend time creating cool (and secure) things.
Jeroen Willemsen
Jeroen is a typical security jack-of-all-trades. He is a hands-on security architect who loves to secure anything: from (private) clouds, to mobile apps, and anything in between. Jeroen has been involved in various OWASP projects, now focusing on OWASP WrongSecrets. He enjoys a pentest every now and then, while helping organizations to get secure enough. Jeroen is often engaged in knowledge sharing through talks, blogs, projects at GitHub, and trainings.