Making Open Work
May 8–9, 2017: Training & Tutorials
May 10–11, 2017: Conference
Austin, TX

Web server defense: Swift edition

2:35pm–3:15pm Wednesday, May 10, 2017
Location: Meeting Room 10 A/B
Level: Intermediate

Who is this presentation for?

  • Software engineers

Prerequisite knowledge

  • Familiarity with building a basic REST application in a language like Ruby, Java, JavaScript, or Python

What you'll learn

  • Understand why you should consider Swift when building your next end-to-end application because of its security advantages


The Swift language was born on the client side, but since it was open-sourced in late 2015, it has gained wide momentum in the server community. However, security and the threat vectors that are introduced are among the challenges that exist in bringing Swift to the server side. Understanding these threats and designing proper protection mechanisms is crucial before end-to-end Swift applications can be written and deployed.

Gelareh Taban explains how security can be built into a Swift server application, using an end-to-end Swift app to demonstrate how a client can communicate with a web service securely and access service resources with proper authentication and authorization. Gelareh discusses best practices in using the new Swift security frameworks as well as the Swift language itself, illustrating how building upon the safety features of the language can prevent many common vulnerabilities that plague servers, thus reducing their attack surface.

Gelareh Taban


Gelareh Taban is the security lead for the Swift@IBM team in Austin, TX, where she is responsible for the security of the Swift server runtime as well as the security of the Swift@IBM applications Swift Sandbox and the Swift Package Catalog. Previously, Gelareh was a researcher with IBM Austin Research Lab (ARL) and Samsung Research America in Dallas and a security engineer on Apple’s Application Security team. She holds a PhD from the University of Maryland, College Park, where her research focused on key management and secure data aggregation.