Agilicus. Learn. Do. Teach.

Web Application Security 101: Get the basics right







Web Application Security 101: The Basics


CSRF? CSP? CORS?






















Web Application Security is complex to get perfect, but easy to get better than average. I have a thesis: if you have not tried to secure anything in the easy category, the security culture of your organisation suggests the more complex things won’t be done well either. One of the tools I use to assess this security 101 is the Mozilla Observatory. Sure, it doesn’t check everything, but if you have a 0 here, you likely are not putting in the effort anywhere.



In this presentation (and video below) I talk a little bit about the “Do what I say” security concept for a web site owner. The “what I say” is encoded as a set of headers (Content-Security-Policy, XSS-*, Cross Origin Request, CAA). I show you how to go from bad to good with a small amount of effort.
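A small audit of the kind of header policy described above, as an added example that is not from the presentation and does not reproduce the Mozilla Observatory's scoring. The two header sets are constructed, the finding names are hypothetical labels, and checking `X-Content-Type-Options` and `Strict-Transport-Security` alongside CSP and CORS is an assumption about what a baseline should include.

```python
# Added example: header sets are constructed, finding names are hypothetical labels.
def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers):
    """Return a sorted list of findings for a dict of response headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("csp-missing")
    else:
        policy = parse_csp(csp)
        # script-src falls back to default-src when it is absent.
        src = policy.get("script-src", policy.get("default-src"))
        if src is None:
            findings.append("csp-no-script-restriction")
        else:
            # A nonce or hash makes CSP2+ browsers ignore 'unsafe-inline'.
            pinned = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in src)
            if "*" in src or ("'unsafe-inline'" in src and not pinned):
                findings.append("csp-weak-script-src")
    # "*" only suits public, credential-free content: flag it for review.
    if h.get("access-control-allow-origin") == "*":
        findings.append("cors-wildcard-origin")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("nosniff-missing")
    if "strict-transport-security" not in h:
        findings.append("hsts-missing")
    return sorted(findings)

BAD = {  # constructed "before" response
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "Access-Control-Allow-Origin": "*",
}
GOOD = {  # constructed "after" response
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
}
if __name__ == "__main__":
    print("before:", audit(BAD), "after:", audit(GOOD))
```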



My call to action: Learn these Web Application Security 101 techniques. Apply them to a site you own or influence. Teach someone else about them. Let’s pay it forward.








Video: Web Application Security 101 (https://youtu.be/pKlN2tp4mvs)




By Don Bowman