Web Security: everything a web developer should know
Submitted by Alessandro Nadalin (@alexnadalin) on Sunday, 16 September 2018
Technical level: Intermediate
As software engineers, we often think of security as an afterthought: build it, then fix it later.
Truth is, knowing a few simple browser features can save you countless of hours banging your head against a security vulnerability reported by a user. This talk aims to save you days learning about security fundamentals for Web applications and provide you a concise and condensed idea of everything you should be aware of when developing on the Web from a security standpoint.
Don’t know cookies flags very well? Can’t think of a good way to make sure that if your CDN gets compromised your users aren’t affected? Still adding CSRF tokens to every form around? Then this talk will definitely help you get a better understanding of how to build strong, secure Web applications made to last.
Security is often an afterthought because we don’t understand how simple measures can improve our application’s defense by multiple orders of magnitude – so let’s learn it together!
I’d like to guide the audience through a journey in web security: from understanding how browsers work to more complicated concepts such as web cryptography.
These are the main talking points:
- understanding the browser – what attack surface are web developers dealing with?
- HTTP security – how do we secure applications being served and running through the HTTP protocol?
- security related headers – what HTTP headers can we use to improve our security posture?
- HTTP cookies – how to manage sessions and make sure our users are safe
- situationals – what to do when facing a particular situation?
Alessandro Nadalin is a seasoned technical leader, currently in Dubai working for Rocket Internet, who pays a lot of attention to enterprise patterns, methodologies, and SOA.
He has been involved in projects for the Italian government, Samsung, Nissan, ENI and in the e-commerce scene in the Middle East.
When he’s not working, you can find him speaking at some conference, riding his motorcycle, blogging or eating some Indonesian food in the old side of Dubai.