The other side of webapp security
Protecting your backend and database is fine, but what about the users? How do we protect them, their browsers and computers?
There's a lot of focus on backend security: best practices, how to store passwords, how to do password recovery, encryption at rest, etc. But to exploit any of those, someone needs to target a website specifically and put a lot of effort into it.
The users of those websites, however, are exposed every day, and they access the sites through various insecure networks, including hotel and coffee shop wifi.
In this talk we will cover the usual suspects, HTTPS and certificates, but also talk about some newer tech like HSTS and CSP.
Friday, 2018-10-05 @ 13:05
> Skill level: intermediate
> Duration: 25 min
Luka has been doing computer stuff professionally for over half his life. Despises frontend, likes doing talks. Likes putting out trash fires for money. Runs Sekura Collective, a chaos management agency. Formerly infrastructure lead at noom.com, CTO/cofounder at hitlistapp.com and developer at deviantart.com. Splits time between Zagreb and New York. Dreams in matrixcode.