Monday, February 27 • 15:40 - 17:10
The Web's Security Model


While the web has undergone a dramatic transformation since the first static HTML documents, the underlying security model has been largely unchanged. However, due to the vastly expanded client-side capabilities in modern web applications, the security model is now more important than ever. Understanding this security model is key to building secure web applications.

In this session we explore how the Same Origin Policy, a 20-year-old security policy, is still the most important security feature on the web. We will investigate which restrictions the Same Origin Policy imposes, and how the lack of restrictions actually allows common web vulnerabilities to exist (e.g. Cross-Site Request Forgery and inclusion of untrusted content).

Overall, you will learn how the security model of the Web can be leveraged to build secure web applications, by carefully applying concepts such as domain separation and origin isolation. Additionally, this session provides you with the necessary context to understand and position the latest security technologies that will be covered throughout the SecAppDev course.



Speakers

Philippe De Ryck

Web Security Expert, KU Leuven
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.



Monday February 27, 2017 15:40 - 17:10
Room: Lemaire
