CH
Uploaded byCheryl Hung
96 views

Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architecture Gathering 2025.pdf

Customer identity and access management (CIAM) has become a critical component in handling complex identity needs in human-AI-machine ecosystems, making it essential for modern application architectures. Building CIAM is a fine balance between user experience (social login, single sign-on, multi-factor authentication, biometrics), security and regulatory standards (risk-based authentication, GDPR, audits) and scalability (distributed architectures for load balancing and high availability, analytics). Can vibe coding handle the challenge? In this talk we’ll see how far we can push the limits – anything could happen…

Embed presentation

Download to read offline
1 Vibe Coding Auth Without Melting Down! Cheryl Hung | 25 Nov 2025 | Berlin
C++ engineer ➔ Developer Advocate ➔ Ecosystem Leader 2 Cheryl Hung
3
4 Vibe code a Javascript application implementing on-premise, standards-based authentication
5 Why authentication?
6 Why authentication? 1. Touches everything 2. 3. 4.
7 Why authentication? 1. Touches everything 2. Security vs Usability vs Scalability 3. 4.
8 Why authentication? 1. Touches everything 2. Security vs Usability vs Scalability 3. Constantly evolving 4.
9 Why authentication? 1. Touches everything 2. Security vs Usability vs Scalability 3. Constantly evolving 4. Federated identity crosses boundaries
10 🎯 Functionality ⃞ Username and password authentication ⃞ User registration and login ⃞ A protected profile page ⃞ Logout functionality
11 🎯 Requirements ➢ Does not use a SaaS provider ➢ Uses a local user database
12
✓ Express server with registration and login endpoints 13
✓ Express server with registration and login endpoints ✓ Hashes passwords 14
✓ Express server with registration and login endpoints ✓ Hashes passwords ✓ JWT token generation 15
16
17 ✗ Leaks information about accounts existing
18
19 ✗ Leaks information about accounts not existing
20
21 ✗ Checking for duplicate accounts is not case sensitive
22
23 ✗ No password requirements
24 ✗ OWASP recommends newer hashing functions
25 Security and cloud
26 What % said security? What are your challenges when using/deploying containers?
27 % say security is a challenge when using containers
28 % say security is a challenge when using containers
29 % say security is a challenge when using containers
30 % say security is a challenge when using containers
31 % say security is a challenge when using containers
32 % say security is a challenge when using containers
33 Why is security so tricky?!
34 1. Shared responsibility leads to gaps 2. 3. 4.
35 1. Shared responsibility leads to gaps 2. Misconfiguration is the killer 3. 4.
36 1. Shared responsibility leads to gaps 2. Misconfiguration is the killer 3. Identity is the new perimeter 4.
37 1. Shared responsibility leads to gaps 2. Misconfiguration is the killer 3. Identity is the new perimeter 4. Speed vs security tensions
38 So what now?
39 “Shift Down” Kubernetes Security Paper Published Feb 2025
40 ✨ Application team ● Develop features ● Fix defects
41 ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects
42 ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects 🤖 Platform team ● Self-service / Automation
43 ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects 🤖 Platform team ● Self-service / Automation 🔒 Security team ● Runtime security ● Compliance ● Vulnerabilities ● Misconfigurations ● SW supply chain
44 ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects 🤖 Platform team ● Self-service / Automation ● Vulnerabilities ● Misconfigurations ● Supply chain 🔒 Security team ● Runtime security ● Compliance ● Vulnerabilities ● Misconfigurations ● SW supply chain
45 ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects 🔒 Security team ● Runtime security ● Compliance ● Vulnerabilities ● Misconfigurations ● SW supply chain 🤖 Platform team ● Self-service / Automation ● Vulnerabilities: Manage base images ● Misconfigurations ● Supply chain
46 ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects 🔒 Security team ● Runtime security ● Compliance ● Vulnerabilities ● Misconfigurations ● SW supply chain 🤖 Platform team ● Self-service / Automation ● Vulnerabilities: Manage base images ● Misconfigurations: Manage policies ● Supply chain
✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects 47 ✨ Application teams ● Develop features ● Fix defects 🔒 Security team ● Runtime security ● Compliance ● Vulnerabilities ● Misconfigurations ● SW supply chain 🤖 Platform team ● Self-service / Automation ● Vulnerabilities: Manage base images ● Misconfigurations: Manage policies ● Supply chain: Secure, aest, verify
✨ Application teams ● Develop features ● Fix defects ✨ Application teams ● Develop features ● Fix defects 48 ✨ Application teams ● Develop features ● Fix defects 🤖 Platform team ● Self-service / Automation ● Vulnerabilities: Manage base images ● Misconfigurations: Manage policies ● Supply chain: Secure, aest, verify 🔒 Security team ● Runtime security ● Compliance ● Vulnerabilities ● Misconfigurations ● SW supply chain
49 1. Embrace the chaos - platform team manages common concerns 2. 3.
50 1. Embrace the chaos - platform team manages common concerns 2. Automate trust - Policy as Code 3.
51 1. Embrace the chaos - platform team manages common concerns 2. Automate trust - Policy as Code 3. Less is more - complements Shift Left, but reduces developer overhead
52 github.com/kubernetes/sig-se curity/blob/main/sig-security-d ocs/papers/shift-down/shift-d own-security.md
53 Final thoughts
54 Thank you oicheryl.com

More Related Content

PPTX
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
PDF
10k and counting 0 Insights and Trends from Cloud Native London.pdf
byCheryl Hung
 
PDF
DevSecOps: essential tooling to enable continuous security 2019-09-16
byRich Mills
 
PDF
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
PPTX
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
byErkang Zheng
 
PDF
AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
byAWS Chicago
 
PDF
Building a DevSecOps Pipeline Around Your Spring Boot Application
byVMware Tanzu
 
PPTX
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
bylior mazor
 
Top Trends in Kubernetes Security: TalosCon 2025
byCheryl Hung
 
10k and counting 0 Insights and Trends from Cloud Native London.pdf
byCheryl Hung
 
DevSecOps: essential tooling to enable continuous security 2019-09-16
byRich Mills
 
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...
byErkang Zheng
 
AWS Community Day - Vitaliy Shtym - Pragmatic Container Security
byAWS Chicago
 
Building a DevSecOps Pipeline Around Your Spring Boot Application
byVMware Tanzu
 
Reveal the Security Risks in the software Development Lifecycle Meetup 060320...
bylior mazor
 

Similar to Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architecture Gathering 2025.pdf

PDF
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
byDenim Group
 
PPTX
"Building Trust: Strengthening Your Software Supply Chain Security", Serhii V...
byFwdays
 
PPTX
Shared Security Responsibility Model of AWS
byAkshay Mathur
 
PDF
Shift Left Security
bygjdevos
 
PDF
cloud security lecture abcedfghigklmnopqrstucvbnm,
byarfaouisalim
 
PDF
Presentation ING for ISC2 Secure Summits EMEA
byThijs Ebbers
 
PDF
Compliance Superpowers - Ben Blair, Chicago
byAWS Chicago
 
PDF
Addressing Cloud Security with OPA
byDiemShin
 
PDF
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
bySynopsys Software Integrity Group
 
PDF
Shift Left Security
bygjdevos
 
PDF
AppSec How-To: Achieving Security in DevOps
byCheckmarx
 
PPTX
Security engineering 101 when good design & security work together
byWendy Knox Everette
 
PDF
SecDevOps for API Security
by42Crunch
 
PPTX
Security within Scaled Agile
byMark Underwood
 
PDF
Red team-view-gaps-in-the-serverless-application-attack-surface
byPriyanka Aash
 
PDF
Slashing Your Cloud Risk: 3 Must-Do's
bySecurity Innovation
 
PDF
11 secure development
byLen Bass
 
PDF
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
byWSO2
 
PDF
Legacy-SecDevOps (AppSec Management Debrief)
byDinis Cruz
 
PPTX
Cloud Security or: How I Learned to Stop Worrying & Love the Cloud
byMarkAnnati
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
byDenim Group
 
"Building Trust: Strengthening Your Software Supply Chain Security", Serhii V...
byFwdays
 
Shared Security Responsibility Model of AWS
byAkshay Mathur
 
Shift Left Security
bygjdevos
 
cloud security lecture abcedfghigklmnopqrstucvbnm,
byarfaouisalim
 
Presentation ING for ISC2 Secure Summits EMEA
byThijs Ebbers
 
Compliance Superpowers - Ben Blair, Chicago
byAWS Chicago
 
Addressing Cloud Security with OPA
byDiemShin
 
Webinar–Creating a Modern AppSec Toolchain to Quantify Service Risks
bySynopsys Software Integrity Group
 
Shift Left Security
bygjdevos
 
AppSec How-To: Achieving Security in DevOps
byCheckmarx
 
Security engineering 101 when good design & security work together
byWendy Knox Everette
 
SecDevOps for API Security
by42Crunch
 
Security within Scaled Agile
byMark Underwood
 
Red team-view-gaps-in-the-serverless-application-attack-surface
byPriyanka Aash
 
Slashing Your Cloud Risk: 3 Must-Do's
bySecurity Innovation
 
11 secure development
byLen Bass
 
[2021 Somos Summit] - Rethinking Identity Access Management and The Rise of t...
byWSO2
 
Legacy-SecDevOps (AppSec Management Debrief)
byDinis Cruz
 
Cloud Security or: How I Learned to Stop Worrying & Love the Cloud
byMarkAnnati
 

More from Cheryl Hung

PDF
Lessons learned from 3 years inside CNCF - Swiss Cloud Native Day
byCheryl Hung
 
PDF
Key Trends Shaping Cloud Infrastructure and Edge Infrastructure
byCheryl Hung
 
PDF
Building AI platforms together, for everyone @ SOOCon25.pdf
byCheryl Hung
 
PDF
SlideShare a Scribd company logo Search Submit Search Upload Download free...
byCheryl Hung
 
PDF
Infrastructure matters.pdf
byCheryl Hung
 
PDF
Building the Customer Identity Community, Together.pdf
byCheryl Hung
 
PDF
Building the Future, Together - Kubernetes Community Days, 2024
byCheryl Hung
 
PDF
Key Trends Shaping the Future of Infrastructure.pdf
byCheryl Hung
 
PPTX
Multi-Arch Infra From the Ground Up.pptx
byCheryl Hung
 
PDF
Multi-arch from the ground up
byCheryl Hung
 
PDF
Lessons learned from 3 years inside cncf - WTF is Cloud Native, 4 September 2021
byCheryl Hung
 
PDF
Cloud Native Trends and 2022 Predictions - Cheryl Hung, 16 June 2022 - Cloud ...
byCheryl Hung
 
PPTX
Data and Storage Ecosystem Opportunities and Need - Cheryl Hung Sodacon2020 k...
byCheryl Hung
 
PPTX
10 predictions for cloud native in 2021
byCheryl Hung
 
PDF
Key Trends Shaping the Future of Infrastructure.pdf
byCheryl Hung
 
PDF
10 predictions for cloud native in 2021 - Cheryl Hung GIFEE day
byCheryl Hung
 
PDF
10 predictions for cloud native in 2021 - Fidelity Cloud Cast
byCheryl Hung
 
PDF
Infrastructure matters - The DevOps Conference, Copenhagen
byCheryl Hung
 
PDF
Lessons Learned from 3 years inside CNCF
byCheryl Hung
 
PDF
Crossing the chasm with multi-arch
byCheryl Hung
 
Lessons learned from 3 years inside CNCF - Swiss Cloud Native Day
byCheryl Hung
 
Key Trends Shaping Cloud Infrastructure and Edge Infrastructure
byCheryl Hung
 
Building AI platforms together, for everyone @ SOOCon25.pdf
byCheryl Hung
 
SlideShare a Scribd company logo Search Submit Search Upload Download free...
byCheryl Hung
 
Infrastructure matters.pdf
byCheryl Hung
 
Building the Customer Identity Community, Together.pdf
byCheryl Hung
 
Building the Future, Together - Kubernetes Community Days, 2024
byCheryl Hung
 
Key Trends Shaping the Future of Infrastructure.pdf
byCheryl Hung
 
Multi-Arch Infra From the Ground Up.pptx
byCheryl Hung
 
Multi-arch from the ground up
byCheryl Hung
 
Lessons learned from 3 years inside cncf - WTF is Cloud Native, 4 September 2021
byCheryl Hung
 
Cloud Native Trends and 2022 Predictions - Cheryl Hung, 16 June 2022 - Cloud ...
byCheryl Hung
 
Data and Storage Ecosystem Opportunities and Need - Cheryl Hung Sodacon2020 k...
byCheryl Hung
 
10 predictions for cloud native in 2021
byCheryl Hung
 
Key Trends Shaping the Future of Infrastructure.pdf
byCheryl Hung
 
10 predictions for cloud native in 2021 - Cheryl Hung GIFEE day
byCheryl Hung
 
10 predictions for cloud native in 2021 - Fidelity Cloud Cast
byCheryl Hung
 
Infrastructure matters - The DevOps Conference, Copenhagen
byCheryl Hung
 
Lessons Learned from 3 years inside CNCF
byCheryl Hung
 
Crossing the chasm with multi-arch
byCheryl Hung
 

Recently uploaded

PDF
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
PDF
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
PDF
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
PDF
Cloud Infrastructure monitoring with Grafana Cloud
byImma Valls Bernaus
 
PDF
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
PDF
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PDF
Lets Build a Serverless Function with Kiro
byChris Bingham
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PPTX
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
PPTX
Leon Brands - Methodical GPU Profiling (Graphics Programming Conference 2025)
byleonbrands1998
 
PDF
Think global, run local: when self-hosted LLMs actually win
byFrancesco Corti
 
PPTX
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
PDF
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
PDF
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
PDF
[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...
byWintari Yasmin
 
PDF
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 2
byVICTOR MAESTRE RAMIREZ
 
PDF
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
PDF
How Much Does It Cost To Build Software
bycollinmishell2
 
PDF
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 
ODSC AI West: Agent Optimization: Beyond Context engineering
byShashikant Jagtap
 
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
Cloud Infrastructure monitoring with Grafana Cloud
byImma Valls Bernaus
 
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
Lets Build a Serverless Function with Kiro
byChris Bingham
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
Leon Brands - Intro to GPU Occlusion (Graphics Programming Conference 2024)
byleonbrands1998
 
Leon Brands - Methodical GPU Profiling (Graphics Programming Conference 2025)
byleonbrands1998
 
Think global, run local: when self-hosted LLMs actually win
byFrancesco Corti
 
UFCD 0797 - SISTEMAS OPERATIVOS_Unidade Completa.pptx
byscribddobruno
 
MuleSoft Meetup: Dreamforce'25 Tour- Vibing With AI & Agents.pdf
byTintu Jacob Shaji
 
[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...
byWintari Yasmin
 
[BDD 2025 - Mobile Development] Crafting Immersive UI with E2E and AGSL Shade...
byWintari Yasmin
 
CompTIA Cybersecurity Analyst (CySA+) CS0-003: Unit 2
byVICTOR MAESTRE RAMIREZ
 
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
How Much Does It Cost To Build Software
bycollinmishell2
 
Transcript: The partnership effect: Libraries and publishers on collaborating...
byBookNet Canada
 

Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architecture Gathering 2025.pdf