Building a Better Web
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

Schedule: Security sessions

11:00am–11:40am Wednesday, June 13, 2018
Embracing vulnerability by empowering everyone to own security
Location: 210 C/G
Secondary topics:  Best practice, High-level, Web Pillars Track: Performance, Security, Accessibility
annie lau (Trulia)
Average rating: ****.
(4.88, 8 ratings)
They say great software is secure software. But who should be responsible for ensuring and maintaining security excellence? Home and neighborhood resource Trulia says, "Everyone." Annie Lau explains how Trulia manages vulnerabilities through its bug bounty program and scales the responsibility of security across engineering, product, and business teams. Read more.
9:00am–9:40am Thursday, June 14, 2018
Rebuilding a browser extension for privacy
Location: 212 A/B
Secondary topics:  Hands-on, Technical, Web Pillars Track: Performance, Security, Accessibility
Princiya Sequeira (Zalando)
Average rating: **...
(2.50, 2 ratings)
Browser extensions built with the WebExtensions APIs are compatible with all modern browsers. Princiya Sequeira shares lessons learned migrating a legacy privacy add-on to a web extension, with performance being the key factor. Along the way, you'll explore all things web tracking. Read more.
11:00am–11:40am Thursday, June 14, 2018
The art and craft of secrets: Using the cryptographic toolbox
Location: 212 A/B
Secondary topics:  Best practice, Technical, Web Pillars Track: Performance, Security, Accessibility
Michael Swieton (Atomic Object)
Average rating: ****.
(4.00, 2 ratings)
Michael Swieton explores how the cryptographic ecosystem—which includes tools such as public key cryptography, signatures, password hashes, key exchange, and stream ciphers—provides security for our applications and explains how these tools come together to enable user-visible functionality like secure sessions, user authentication, and single sign-ons. Read more.
3:35pm–4:15pm Thursday, June 14, 2018
Patterns in Node.js vulnerabilities
Location: 210 C/G
Secondary topics:  Best practice, Technical, Web Pillars Track: Performance, Security, Accessibility
Chetan Karande (DTCC)
Average rating: **...
(2.00, 1 rating)
Chetan Karande shares the findings from an analysis of over a thousand publicly known Node.js vulnerabilities. With intuitive data visualizations and statistics, Chetan details trends over last five years, explores common security mistakes made by Node.js package authors, and explains how you can prevent these issues in your own code. Read more.