SecAppDev 2017 has ended
Monday, February 27 • 15:40 - 17:10
The Web's Security Model

While the web has undergone a dramatic transformation since the first static HTML documents, the underlying security model has been largely unchanged. However, due to the vastly expanded client-side capabilities in modern web applications, the security model is now more important than ever. Understanding this security model is key to building secure web applications.

In this session we explore how the Same Origin Policy, a 20-year-old security policy, is still the most important security feature of the web. We will investigate which restrictions the Same Origin Policy imposes, and how the lack of restrictions actually allows common web vulnerabilities to exist (e.g. Cross-Site Request Forgery, inclusion of untrusted content, etc.).

Overall, you will learn how the security model of the Web can be leveraged to build secure web applications, by carefully applying concepts such as domain separation and origin isolation. Additionally, this session provides you with the necessary context to understand and position the latest security technologies that will be covered throughout the SecAppDev course.

Philippe De Ryck

Founder, Pragmatic Web Security
Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security...

Monday February 27, 2017 15:40 - 17:10
Room: Lemaire

Attendees (6)