Depth in Native and Browser Apps
Isaac Potoczny-Jones, Tozny’s CEO, will be speaking at the QCon San Francisco convention November 13th, 2019. QCon is a convention showcasing use cases of some of the most cutting edge developments in software engineering. Isaac will be presenting a talk titled, Encryption for Defense in Depth in Native and Browser Apps, which outlines some of the work we do here at Tozny. The abstract of the talk is below.
Encryption is one of the most effective technical security measures. It massively reduces the impact and cost of a data breach. But most often encryption focused on “infrastructure-level” elements like TLS and full-disk encryption. These are important tools, but they rely on assumptions about the infrastructure instead of the application code.
As developers, infrastructure isn’t our strength. Sometimes it’s not even our job, so encryption takes a back seat to application-level features. But adding encryption to the application itself can insulate our systems from infrastructure-level failures, adding an important element of defense in depth.
In this talk we will discuss the security pros and cons of application-level and end-to-end encryption. Since browsers are a nearly unavoidable element of modern application development, we will also cover the attack surface of application-level encryption in the browser, how it is very different from native clients, and how WebAssembly and WebCrypto help.