Building Data Breach and Subpoena Resistant Applications - Philly ETE 2017

Explore techniques for building data breach and subpoena resistant applications in this 50-minute conference talk from Philly ETE 2017. Delve into the challenges of protecting user data against various threats, including internal compromises. Learn about a new approach based on cryptography and messaging that aims to enhance data security beyond traditional methods. Examine the limitations of technical defenses against non-technical attacks and discover how to set new standards for safeguarding user information. Gain insights into JSON Web Tokens, cost-based cryptographic hashes, and see a practical example of implementing these concepts in a written test administration application. Understand the steps involved in admin setup, user invitation, login, exercise completion, and submission review. Conclude with an overview of the final data footprint, further reading suggestions, and next steps for implementing robust data protection strategies.

Intro
BACKGROUND - TRADITIONAL DISCUSSION
BACKGROUND - PLAYING THE ODDS
BACKGROUND - RECENT EXAMPLES
NIGHTMARE THREATS
NIGHTMARE EXAMPLE
RISKS ASSOCIATED WITH ENCRYPTION
SOLUTION BLUEPRINT
JSON WEB TOKENS (JWT)
COST-BASED CRYPTOGRAPHIC HASHES
EXAMPLE APPLICATION - WRITTEN TEST ADMINISTRATION
ADMIN SETUP
USER INVITATION
USER LOGIN
USER STARTS EXERCISE
USER FINISHES EXERCISE
SUBMISSION REVIEWED
FINAL DATA FOOTPRINT
EPILOGUE
FURTHER READING/VIEWING
NEXT STEPS