Building a Better Web
June 19–20, 2017: Training
June 20–22, 2017: Tutorials & Conference
San Jose, CA

Schedule: Security sessions

9:00am–9:40am Wednesday, June 21, 2017
Modern Web Essentials
Location: 210 BF
Mike North (LinkedIn)
Average rating: 4.20 (10 ratings)
Your users are almost certainly vulnerable in one way or another. Mike North explores a series of common web app security pitfalls, first demonstrating how to exploit the vulnerability and then recommending a pragmatic and effective defense against the attack. Buckle up, because Mike's about to take some things you love and depend on and smash them to bits.
9:50am–10:30am Wednesday, June 21, 2017
Modern Web Essentials
Location: 212 A/B
Ilya Nesterov (Shape Security)
Average rating: 2.75 (4 ratings)
Content Security Policy (CSP) is a powerful and complex standard that allows you to bring an additional level of security to your web applications. Ilya Nesterov outlines the not-so-obvious things that lead to weak CSP, illustrates typical mistakes in CSP, based on the Alexa top 1 million sites, and explains how you can build strict CSP in your own projects.
4:25pm–5:05pm Wednesday, June 21, 2017
Web Services and APIs
Location: 210 BF
Average rating: 4.00 (6 ratings)
In the new world of JavaScript UIs, REST APIs, and microservices, applications that run in the highly insecure browser environment must handle tokens and other secrets to have access to backend services. Drawing on his experience at Rackspace, Miguel Grinberg discusses the risks and shares best practices to avoid them.
9:00am–9:40am Thursday, June 22, 2017
Tim Kadlec (Independent)
Average rating: 4.38 (8 ratings)
One of the wonderful things about building for the web is the ability to stand on the shoulders of our fellow developers, who release new frameworks and libraries to make our job easier. But nothing is free. We constantly make trade-offs, whether we know it or not. Tim Kadlec explains how to evaluate third-party tools to identify these trade-offs—a requirement for the health of your site.
3:35pm–4:15pm Thursday, June 22, 2017
Lewis Ardern (Synopsys)
Average rating: 4.00 (1 rating)
AngularJS is one of those wonderful frameworks that seems to hide so many of JavaScript’s warts. But while Angular adds much-needed features to the language, it also creates a handful of new security problems. Lewis Ardern walks you through an application that illustrates security issues discovered in real-world applications and explains the problems along with usable solutions.