Securing the SaaS Apps of the Future

Apr 22, 2024 | 3 mins

In this keynote presentation, Brett Winterford, APJ CSO at Okta, emphasises the importance of updating security requirements for SaaS app vendors to address emerging threats, particularly those related to session token theft and machine-to-machine authentication.

He highlights existing non-negotiable requirements such as single sign-on and automated provisioning, but proposes adding new conditions like phishing-resistant authenticators and endpoint security measures.

Brett draws attention to recent incidents involving session token theft, stressing the need for heightened security measures. He explains how adversaries target session tokens using various methods like malware and transparent proxies.

Ensuring the implementation of measures such as phishing-resistant authenticators and robust endpoint security protocols is crucial for effectively mitigating these threats.

Furthermore, Brett introduces advancements in security protocols such as OAuth2 extensions to address machine-to-machine authentication risks. He discusses the importance of limiting token scope, implementing short-lived tokens, and enforcing proof of possession to enhance security.

Use acquisitions like Auth0…
