Web Application Security 101

"Do what I say" is one of the basic rules of security. In a web application, the "what I say" is a set of security headers (Content-Security-Policy, XSS, Cross-Origin Request).
If your site uses a CDN, ads, or user-generated content, you owe this to your users and your brand.
I have a thesis: any company that doesn't bother with Content-Security-Policy on their main web site has a poor culture of security elsewhere. They may argue that the main web site is not intended to be secure; it's read-only content. Until the day it has some graffiti on it. Do you want a company who doesn't care about front-door security handling your data elsewhere?
My call to action: Learn these Web Application Security 101 techniques. Apply them to a site you own or influence. Teach someone else about them. Let's pay it forward.
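As an added example (not code from the video or its author), here is a small Python audit of the Content-Security-Policy value a site sends: it flags a missing policy, a missing default-src, 'unsafe-inline' without a nonce or hash, 'unsafe-eval', wildcard script sources, and an unblocked object-src. The policy strings and the CDN origin cdn.example.net are constructed placeholders.

```python
"""Audit a Content-Security-Policy header value for common weaknesses.
Added example for this description, not code from the video. Header
strings are constructed; cdn.example.net stands in for a real CDN origin.
"""
from __future__ import annotations

# Source expressions that make script-src effectively unrestricted.
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source expressions]}.
    Per the CSP spec, a repeated directive is ignored, so the first wins."""
    policy: dict[str, list[str]] = {}
    for chunk in header.split(";"):
        parts = chunk.split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])
    return policy


def audit_csp(header: str | None) -> list[str]:
    """Return findings for a CSP value (empty list: nothing flagged)."""
    if not header or not header.strip():
        return ["missing: no Content-Security-Policy header"]
    policy = parse_csp(header)
    findings: list[str] = []
    if "default-src" not in policy:
        findings.append("default-src: absent, so unlisted fetch directives allow everything")
    # script-src falls back to default-src when it is not set explicitly.
    script = policy.get("script-src", policy.get("default-src", []))
    nonce_or_hash = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script)
    if "'unsafe-inline'" in script and not nonce_or_hash:
        findings.append("script-src: 'unsafe-inline' with no nonce/hash, injected inline scripts execute")
    if "'unsafe-eval'" in script:
        findings.append("script-src: 'unsafe-eval' lets string-to-code APIs run")
    for src in script:
        if src in BROAD_SOURCES:
            findings.append(f"script-src: {src} allows scripts from any matching origin")
    # Without object-src 'none', plugin content can host injected code.
    objects = policy.get("object-src", policy.get("default-src", []))
    if objects != ["'none'"]:
        findings.append("object-src: not 'none', plugin content is not blocked")
    return findings


if __name__ == "__main__":
    # Constructed: one CDN origin allowed, inline scripts gated by a per-response nonce.
    good = ("default-src 'self'; script-src 'self' https://cdn.example.net 'nonce-r4nd0m'; "
            "object-src 'none'; frame-ancestors 'none'")
    # Constructed: the kind of policy a "read-only" marketing site often ships.
    weak = "script-src 'self' 'unsafe-inline' *; img-src *"
    for label, value in (("good", good), ("weak", weak), ("none", None)):
        print(label, audit_csp(value) or ["ok"])
```

Run it against the header your own site returns (for example from `curl -sI`) to see which of these findings apply before tightening the policy.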