Wednesday 15:00 - 16:00
With the launch of the Reporting API any browser that visits your site can automatically detect and alert you to a whole heap of problems with your application. DNS not resolving? Serving an invalid certificate? Got a redirect loop, using a soon to be deprecated API or any one of countless other problems, they can all be detected and reported with no user action, no agents, no code to deploy. You have one of the most extensive and powerful monitoring platforms in existence at your disposal, millions of browsers. Let's look at how to use them.
Friday 16:20 - 17:20
From EV to HPKP to certificate revocation, everything is broken. Security constructs that were once held dear are increasingly shown to be ineffective, detrimental or downright dangerous. Yet so many within the industry persist with pushing the constructs of yesteryear or forging ahead with new ones they don’t yet fully understand.
Principal Security Lead - Microsoft Customer Security & Trust