AppSecUSA 2015 has ended
AppSecUSA 2015 - Buy ticket at http://2015.appsecusa.org/buy/
Back To Schedule
Thursday, September 24 • 10:30am - 11:25am
WebRTC, or how secure is p2p browser communication?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In this presentation, we will provide the OWASP audience the necessary insights in this emerging Web technology, and discuss the various security aspects of WebRTC. This content is based on a recent study of the Web Security specifications the author has been conducting together with researcher from W3C, IETF and SAP.
Firstly, the overall WebRTC architecture will be presented, and the enabling technologies (such as STUN, TURN, ICE and DTLS-SRTP) will be introduced. This architecture will be illustrated in multiple deployment scenarios. As part of this description, the basic security characteristics of WebRTC will be identified.
Secondly, we will discuss how the new WebRTC technology impacts the security model of the current Web. They will highlight some of the weaknesses they have spot during their security assessment, as well as discuss the open security challenges with the WebRTC technology.

avatar for Martin Johns

Martin Johns

Research Expert, SAP SE
Dr. Martin Johns is a Research Expert in the Product Security Research unit within SAP SE, where he leads the Web application security team. Furthermore, he serves on the board of the German OWASP chapter. Before joining SAP, Martin studied Mathematics and Computer Science at the... Read More →
avatar for Lieven Desmet (KU Leuven)

Lieven Desmet (KU Leuven)

Senior Research Manager, KU Leuven
Lieven Desmet is a Senior Research Manager on Software Secure at the imec-DistriNet Research Group (KU Leuven, Belgium), where he coaches researchers in (web) application security and participates in dissemination and valorization activities. His interests are in security of middleware... Read More →

Thursday September 24, 2015 10:30am - 11:25am PDT
Room D