Web and application developers face significant challenges defending their platforms and users from attackers who try to co-opt these platforms to launch and distribute attacks on users—for example, a platform hosting user-generated content that gets abused to host phishing attacks or hacked to distribute malware. Protecting your web platform and your users from malware, phishing, social engineering, or similar threats is becoming exceedingly difficult. Attackers are constantly evolving and evading existing detection techniques. Keeping up in this arms race and building out appropriate defenses is tremendously resource intensive for developers.
Applications that host user-generated content or accept user comments are particularly vulnerable to attacks that host and distribute content that is harmful to users. In addition, the more reputable and popular a site is, the more attractive a target it becomes to attackers, because these sites provide a large user base of potential victims and raise less suspicion for harmful activity.
The more successful your app or website, the more damage such an attack will cause to your brand and reputation. Once hacked, your site may get flagged by security vendors as being unsafe, damaging your reputation. Users may subsequently desert your platform if they perceive it as being insecure.
Noé Lutz showcases example attacks on web platforms that target end users, touching on the lessons that the Google Safe Browsing team has learned over the past 10 years of protecting more than two billion Internet devices from various types of web threats. Noé focuses on tools app and website developers can use to protect their users and specifically explores how developers can apply Google’s free Safe Browsing APIs to protect their websites and users from harm to make the Internet a safer place.
Noé Lutz is a senior staff software engineer and tech lead on the Safe Browsing team at Google. Noé leads the antiphishing and social engineering efforts within Safe Browsing and is responsible for protecting Google and its users from deceptive web content that might put users’ digital identity or devices at risk. He also leads the Safe Browsing API and clients effort within Safe Browsing, whose mission is to bring Safe Browsing protection to over two billion devices. Noé received an MSc in computer science and information security from ETH Zurich, Switzerland, and is currently pursuing an MBA part time at the Haas School of Business at UC Berkeley.
©2016, O’Reilly UK Ltd