9 Days to the kick off: featured session of the day - Node.js Authentication and Data Security by Tim Messerschmidt

With 9 days the Web European Conference, the featured session is Node.js Authentication and Data Security and we asked Tim Messerschmidt to tell us more about his session and about himself.

Q: Tell us a bit more about your session

A: My session Node.js Authentication and Data Security uses the OWASP Top 10 in order to explain common security issues that Node developers encounter. Using Express as a sample platform, I will be going through useful middleware and settings that help hardening your web framework.

Furthermore I'll be covering an area, where terms are often being confused: Authorization and Authentication. It is important to understand that user identity does not necessarily mean granting access to resources and vice versa - effectively this even means that not every identity that is being available across the web necessarily fits every application.

The last topic I want to dive into is data hardening. After covering the basics like key stretching, how hashing works and why leveraging a salt makes sense, I'll compare a few hashing algorithms and will explain when they make sense and when they don't make sense.

Overall this session aims to educate about current security threats. We're living in an era where big services like Ashley Madison, Slack and many more get exploited in order to retrieve user information. I want to explain how these attacks work and what developers can do in order to protect their applications.

Q: Tell us a bit more about yourself

A: I am running PayPal's and Braintree's Developer Relations team in EMEA and APAC. Personally, I am coming from a mobile app and device development background before I started picking up web development. At Braintree_Dev, our team aims for supporting developers and startups across the globe. Two popular initiatives that we've started are Startup Blueprint, a program that aims at supporting early- to mid-stage startups, and BattleHack, a global hackathon format that happens in 14 cities and ends up with the finals in Silicon Valley.

At the moment both my colleague Jonathan LeBlanc and I are authoring a book around data security and identity for O'Reilly and next to this project, I have been responsible for several additions to the Mobile Developers Guide to the Galaxy.

You can find some of my thought-pieces around Developer Evangelism here and a more general purpose blog that covers multiple topics here.

Register to the Web European Conference

If you want to attend this session but haven't registered to the Web European Conference yet, you still have some time: go register before all 900 tickets are gone.

Top