It's time for another round of Tech Talks at Eventbrite, and this month we're tackling Security with a lineup of experts including our very own "Firewall Paul", Alex Smolen of Twitter, and Tom Maher, who keeps things safe at Heroku.
Join us for good conversation, drinks + food and 3 (or more!) awesome talks.
6:00 - Doors open + kegs tapped
7:00 - Talks Start
9:00 - Wrap Up
Paul Pieralde, Eventbrite
Paul Pieralde heads up a variety of security and engineering initiatives for Eventbrite. Prior to Eventbrite, Paul was with the Paranoids at Yahoo!. You can follow his obnoxiously boring Twitter at @ppierald if you are into that kind of thing.
Securing Cryptography Keys and Data-At-Rest With Python
Eventbrite's applications are written mostly in Django. Being a big Python fan and crypto nerd, Paul will outline some of Eventbrite's application architecture and how it goes about securing cryptography keys and data-at-rest in its many data stores using Django, Keyczar, and nginx/uwsgi.
Alex Smolen, Twitter
Alex is a security engineer at Twitter. He has a Masters of Information Management Science (MIMS) from the School of Information at UC Berkeley. Previously, he was a security consultant at Foundstone, a division of McAfee.
Defending the Bird
The product security team is responsible for ensuring the security of all code Twitter ships. This means proactively finding and fixing vulnerabilities using automation, working closely with engineering teams throughout the company to design and implement secure systems, and building security features into the product. To make all this happen and execute at a fast pace, we practice an agile process and build tools to support rapid information transfer.
Tom Maher, Heroku
Tom Maher is a member of the Heroku Security Team. He has previously worked at various large companies and universities, and is sad when he has to XML. His professional interests include authentication, web application security, and Unix arcana. Outside of work, his interests include his cat and beards. And gentlemen, he's available.
OAuth: An Implementation Case Study
Deservedly so, the OAuth 2 specification has a reputation for needlessly byzantine complexity, leading to implementation bugs which weaken overall authentication security. Unfortunately, it's the best widely-used public standard we have at the moment (anyone mention SAML and I swear to Bruce Schneier I will cut you). Join Heroku Security Engineer Tom Maher as he walks through the growing pains of centralizing login and replacing static, singleton, never-expiring API keys with a cavalcade of OAuth tokens. He'll discuss our deviations from the spec, interesting bugs, and best practices around using OAuth as an internal SSO system.
At Eventbrite, we’re passionate about building a platform that brings people together around live experiences of all kinds. So we’re developing the technology that powers music festivals, hackathons, air guitar competitions, mud runs, rallies, and everything in between.