Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Getting Browsers to Improve the Security of You...

Getting Browsers to Improve the Security of Your Webapp

Most web developers have some knowledge of input sanitization and encryption, but what happens when you forget an edge case or when users are connected to a rogue access point?

Through the use of technologies like strict transport security, content security policy, sub-resource integrity, and the referrer policy, web developers can instruct browsers to add a second layer of defenses against the most common attacks.

https://confoo.ca/en/yul2017/session/getting-browsers-to-help-improve-the-security-of-your-webapp

Francois Marier

March 09, 2017
Tweet

More Decks by Francois Marier

Other Decks in Programming

Transcript

  1. My Account • Change my address • Change my billing

    card • Reset my password • Delete my account • Watch some cute kittens!
  2. My Account • Change my address • Change my billing

    card • Reset my password • Delete my account • Watch some cute kittens! kittens!!!!!!!!
  3. My Account • Change my address • Change my billing

    card • Reset my password • Delete my account • Watch some cute kittens! kittens!!!!!!!!
  4. My Account • Change my address • Change my billing

    card • Reset my password • Delete my account • Watch some cute kittens!
  5. http://example.com/search?q=serious+medical+condition Click here for the cheapest insurance around! Bla bla

    bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla. Bla bla bla, bla bla, bla bla bla bla.
  6. PDF

  7. 666

  8. 666

  9. RC4

  10. referrer policy subresource integrity noopener cookie prefixes cookie options sandboxed

    iframes x-content-type-options content security policy https strict transport security
  11. Questions? feedback: [email protected] @fmarier mozilla.dev.security © 2017 François Marier <[email protected]>

    This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.