Friday, October 25 • 1:00pm - 1:45pm
Heading Off Trouble: Securing Your Web Application with HTTP Headers and X-Headers

This session is a survey of HTTP security headers used to protect Web applications. Much of Web security has been cobbled together over the years, and the disparate and ad hoc standards we have today reflect this evolution. Most engineers are not aware of all the tools available in the developers' toolbox, and some of these tools are still evolving. A view into the state of Web security today and a vision of the future is of interest to any developer working in today's threat-laden cloud service world. 

The following areas are covered, with illustrations of attacks and example defenses. 

* Cross-Site Scripting (XSS), X-XSS-Protection and Content Security Policy (CSP)
* Cross-Site Request Forgery (CSRF), Origin checking 
* Clickjacking, X-Frame-Options and UI Redressing extensions to CSP 
* Insecure SSL/TLS Implementation, HTTP Strict Transport Security and Certificate Pinning 
* Web APIs, Cross-Origin Resource Sharing
* Hosting Untrusted Content, X-Content-Type-Options and X-Download-Options 
* Stealing Sessions, Session Continuation 

Speakers
Kevin Babcock

Principal Security Engineer, PagerDuty
Kevin Babcock has been working in the Web security arena since 2000. He was part of the original engineering team at SafeWeb, the inventor of SSL VPN, which was acquired by Symantec in 2003. He continued his information security work at Symantec, developing products for remote access, network security, anti-spam, and Web security; and at Box, leading projects in application security and encryption. He is currently Principal Security Engineer...


Friday October 25, 2013 1:00pm - 1:45pm
Gemalto Room Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757
