SecAppDev 2023 lecture details

Modern security features for web apps

Learn about new web platform security mechanisms available in web browsers that enable developers to protect their web applications from common and new web attacks.

Wednesday June 14th, 14:00 - 15:30
Room Lemaire
Abstract

Web applications are often exposed to vulnerabilities that enable attackers to compromise the session of authenticated users. These include XSS, CSRF, clickjacking, XS-Leaks and Spectre. However, new security mechanisms implemented in web browsers provide developers with effective tools to safeguard their web applications against prevalent and emerging web attacks. In this talk, we’ll discuss several of these modern web platform security features. You’ll gain an understanding of CSP3, Trusted Types, Fetch Metadata headers and COOP, and how they can mitigate whole categories of security risks.

Key takeaway

Learn how to use new web security features such as CSP3, Trusted Types, Fetch Metadata and COOP to prevent whole classes of prevalent and emerging web attacks.

Content level

Introductory

Target audience

Developers and security specialists interested in securing web applications.

Prerequisites

Basic knowledge of web application development and security concepts.

Join us for SecAppDev. You will not regret it!

Lukas Weichselbaum

Senior staff security engineer, Google

Expertise: Web security, web platform security and scaling security via secure defaults in web frameworks and safe by default APIs
