Security of National eID (smartcard-based) Web Applications
- Raul Siles
- Thursday, February 28th, 6:30pm - 7:30pm
National electronic identification (eID) smartcards are used by millions of citizens in Europe and worldwide as a key element to authenticate against critical web applications in both the public and private sectors. This identification technology, commonly used to access a variety of web eGovernment services, plus financial, insurance, and utility companies' websites, is considered secure. However, due to the lack of web auditing and pen-testing tools to thoroughly evaluate the smartcard-based authentication process and subsequent session management capabilities... can we really trust the security of these eID services and web applications? The eID smartcard can be secure but... is it used in a secure way? Let's take an in-depth look at the current landscape through security tools, practical demonstrations, and educational scenarios from real-world penetration tests in a world-leading country like Spain, with more than 25 million eIDs.
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into four categories:
- Lunch & Learn: Short presentations given during the lunch break.
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Vendor: Events hosted by external vendor exhibitors.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
| Session | Speaker | Date and Time | Category |
|---|---|---|---|
| APT: It is Time to Act | Dr. Eric Cole | Wednesday, February 27th, 6:30pm - 8:00pm | SANS@Night |
| Security of National eID (smartcard-based) Web Applications | Raul Siles | Thursday, February 28th, 6:30pm - 7:30pm | SANS@Night |