Security of National eID (smartcard-based) Web Applications
- Raul Siles
- Wednesday, November 28th, 6:30pm - 7:30pm
National electronic identification (eID) smartcards are used by millions of European citizens, as well as worldwide, as a key element to authenticate against critical web applications on both the public and private sectors. This identification technology commonly used to access a variety of web eGovernment services, plus financial, insurance, and utility companies websites, is considered secure. However, due to the lack of web auditing and pen-testing tools to thoroughly evaluate the smartcard-based authentication process and subsequent session management capabilities... can we really trust the security of these eID services and web applications? The eID smartcard can be secure but... is it used in a secure way? Let's take an in-depth look at the current landscape through security tools, practical demonstrations, and educational scenarios from real-world penetration tests on a worldwide leading country like Spain, with more than 25 million eIDs.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.