BEGIN:VCALENDAR VERSION:2.0 PRODID:-//https://techplay.jp//JP CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALDESC:WebHack #11 Using Cryptography Safely X-WR-CALNAME:WebHack #11 Using Cryptography Safely X-WR-TIMEZONE:Asia/Tokyo BEGIN:VTIMEZONE TZID:Asia/Tokyo BEGIN:STANDARD DTSTART:19700101T000000 TZOFFSETFROM:+0900 TZOFFSETTO:+0900 TZNAME:JST END:STANDARD END:VTIMEZONE BEGIN:VEVENT UID:657487@techplay.jp SUMMARY:WebHack #11 Using Cryptography Safely DTSTART;TZID=Asia/Tokyo:20180220T190000 DTEND;TZID=Asia/Tokyo:20180220T202000 DTSTAMP:20260516T103443Z CREATED:20180202T101222Z DESCRIPTION:イベント詳細はこちら\nhttps://techplay.jp/event/65748 7?utm_medium=referral&utm_source=ics&utm_campaign=ics\n\nDetails\nUsing C ryptography Safely\nAbstract\n\nWeb apps are using cryptography very ofte n nowadays\, but still this is not a simple task. As shown\, a whopping 8 7% of Android apps and 80% of iOS apps analyzed by Veracode were found to have cryptographic issues.\nIf you're using your language's standard lib rary to encrypt something\, you'll suddenly find yourself grappling with arcane choices. Should you use CFB\, CBC\, CTR or ECB? Should you use PKC S#7 padding? What is an IV and how do you set it's value?\nThese little c hoices can easily break your cryptography entirely\, even you've chosen a strong cipher. Turning to the web for help\, won't save you either. Unfo rtunately\, Stack Overflow answers\, blog articles and tutorials are stil l full of mistakes and bad advice.\nThere are some good news\, though. Yo u can understand how encryption works without understanding all the math behind it. This talk will try to unlock the meaning behind all these conf using terms and help you learn new ideas and write safer code in the same time.\nPresenter\nBoaz Yaniv is Software Architect who is passionate abo ut security and cryptography. Linguist and Humanities specialist by train ing\, he found himself working on authentication solutions - first for th e Israeli government then for Rakuten\, Inc. in Japan - and add to learn a lot about cryptography in the process.\nLightning talk: Overview of JSO N Object Signing and Encryption (JOSE)\nAbstract\nJavaScript Object Notat ion (JSON) is a text format for the serialization of structured data. The JSON format is often used for serializing and transmitting structured da ta over a network connection.\nJSON Object Signing and Encryption (JOSE) WG in IETF standardized mechanism for integrity protection (signature and MAC) and encryption as well as the format for keys and algorithm identif iers to support interoperability of security services for protocols that use the JSON.\nThere are specifications such as JSON Web Key (JWK)\, JSON Web Signature (JWS) and JSON Web Encryption (JWE) in JOSE WG. This light ning talk will introduce overview of them.\nPresenter\nMasaru Kurahayashi (@kura_lab) is Authentication Technology kuro-obi(黒帯) and CISO-Board in Yahoo! Japan Corporation. He is an engineer and responsible for Identi ty federation systems such as OAuth and OpenID Connect provided by Yahoo! JAPAN. Also\, He works for OpenID Foundation Japan as an evangelist for about four years.\nProgram\n\n19:00-19:10 Registration\n19:10-20:00 Prese ntation from Mr. Boaz Yaniv\n20:00-20:10 Q&A\n20:10-20:20 Talk from Mr. M asaru Kurahayashi\n20:30-22:00 Dinner\n\nVenue\nhttps://lodge.yahoo.co.jp /access_pc.html\nContact\nMr.Bible (080-8495-1823)\nAcknowledgement\nTech Meetup WebHack would like to express the special thanks of gratitude to Yahoo! JAPAN who provide the wonderful venue. LOCATION:Yahoo! Japan LODGE 東京都千代田区紀尾井町1-3 17F URL:https://techplay.jp/event/657487?utm_medium=referral&utm_source=ics&utm _campaign=ics END:VEVENT END:VCALENDAR