SecAppDev 2024 lecture details
Security foundations for modern web applications
In this session, we explore how to leverage the web's fundamental security model to secure your applications. We also explore how to build a secure foundation for your web and API-based applications.
Monday June 3rd, 11:00 - 12:30
Room West Wing
Abstract
Web security is messy, quirky, and often quite complicated. Without a solid understanding of the security model, navigating this tangled web and building secure applications is impossible.
In this session, we explore how the browser thinks about security and how we can leverage that to build more secure web applications and APIs. We define core security techniques that you can use as the secure baseline to build your applications on. This session will give you the necessary background to secure your applications, and to dive into more advanced web security topics here at SecAppDev.
Key takeaway
Understand how the browser reasons about web security, and how you can leverage browser security mechanisms to secure your applications
Content level
Introductory
Target audience
Anyone building applications that are exposed to the Internet
Prerequisites
None
Philippe De Ryck
Security Expert, Pragmatic Web Security
Expertise: Web security, API security, OAuth 2.0, OpenID Connect
Related lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, DPoP, designed for high-security environments
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.
Designing “least-authority” JavaScript apps
Deep-dive lecture by Tom Van Cutsem in room West Wing
Monday June 3rd, 14:00 - 15:30
Learn the problems and solutions of combining "trusted" and "untrusted" JavaScript. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Key takeaway: Learn how to get "trusted" and "untrusted" JavaScript to safely co-exist in your app.