SecAppDev 2020 Lecture Details
The security model of the web
Monday March 9, 16:00 - 17:30
The web still depends on the same security model as it did 20 years ago. Even if somewhat flawed, that security model is essential for building secure applications.
The web has undergone a dramatic transformation since the first static HTML documents. However, the underlying security model remains mostly unchanged. Unfortunately, many developers do not have a conscious understanding of the web's security model, its advantages and its limitations.
In this session, we make this underlying security model explicit. We show how to leverage the Same-Origin Policy for security. We illustrate the power of the sandbox, along with other crucial web security concepts, such as cookies. Overall, this session offers the foundation for other web security topics here at SecAppDev.
How to leverage the web's security model to build more secure applications
Anyone building, designing or securing web applications
Philippe De Ryck
Founder, Pragmatic Web Security
Philippe De Ryck helps developers protect companies through better web security. As the founder of Pragmatic Web Security, he travels the world to train developers on web security and security engineering. His Ph.D. in web security from KU Leuven forms the basis of his exceptional knowledge of the security landscape. Google recognizes Philippe as a Google Developer Expert for his work on security in Angular applications.
Related web security sessions
Building secure frontend web applications
One-day workshop by Jim Manico
Web security Tuesday March 10, 09:00 - 17:30
A builder's guide to API security
One-day workshop by Philippe De Ryck
Most modern applications consist of a frontend web or mobile application, backed by several API-based services. This paradigm shift away from server-side page generation has a significant impact on various security aspects. To build secure applications, developers need to be aware of these security changes, along with current best practices. This one-day workshop offers a unique in-depth perspective on modern API security.
Web security Wednesday March 11, 09:00 - 17:30
Securing web apps with modern platform features
Lecture by Lukas Weichselbaum
Web applications have historically been plagued by vulnerabilities which allow attackers to compromise the session of a logged-in user. Luckily, new security mechanisms in web browsers offer ways for developers to protect their applications
Web security Thursday March 12, 09:00 - 10:30
The ultimate guide to Content Security Policy
Lecture by Lukas Weichselbaum
Even with hardened frameworks and thorough security reviews, there's no guarantee that an application is free of XSS. In this session, I'll present different flavors of CSP, which can serve as a robust defense-in-depth mechanism against XSS.
Web security Wednesday March 11, 14:00 - 15:30
Lecture by Marcin Hoppe
Web security Thursday March 12, 11:00 - 12:30