Founder & Senior Security Analyst, Taddong
Raul Siles is a founder and senior security analyst with Taddong. His more than ten years of expertise delivering advanced security services and solutions in various worldwide industries include security architecture design and reviews, penetration tests, incident handling, forensic analysis, security assessments, and information security research in new technologies. Raul is one of the few individuals who have earned the GIAC Security Expert (GSE) designation. He is a SANS author and instructor of penetration testing courses, a regular speaker at security conferences, and a contributor to research and open-source projects.
Presentation: Security of National eID (smartcard-based) Web Applications
National electronic identification (eID) smartcards, a technology considered secure, are used by millions of European and worldwide citizens as a key element to authenticate against critical web applications in both the public and private sectors, including eGovernment, financial, insurance, and utility companies’ web applications. However, due to the lack of web pen-testing tools to thoroughly evaluate the smartcard-based authentication process and subsequent session management capabilities... can we really trust the security of these eID services and web applications? The eID smartcard can be secure but... is it used in a secure way? Let's take an in-depth look at the current landscape, based on real-world penetration tests in a world-leading country like Spain, with more than 25 million eIDs.