Build resilient systems at scale
October 12–14, 2015 • New York, NY

Security and performance: Breaking the conundrum

Sonia Burney (Akamai), Sabrina Burney (Akamai)
3:40pm–4:20pm Wednesday, 10/14/2015
Location: Nassau Suite
Average rating: 4.44 (9 ratings)

Prerequisite Knowledge

Attendees should have a basic knowledge of various front-end code techniques so that we can show them how to best apply those techniques while keeping security in mind.

Description

While the focus has generally been on protecting users by blocking requests going to the origin, there is now a shift toward protecting users at the browser while providing an optimal experience. There are other areas, such as HTTP/2 with its new concept of server push, where the focus is on queuing up resources at the origin without their being requested by the browser. This poses the question: “Where does security fit in?”, as we are still attempting to reduce the number of requests and focusing on the end-user experience.

The goal of security is to ensure we protect the origin servers by blocking malicious requests going forward. The goal of front-end performance (not backbone) is to improve browser rendering for the end user by using several optimizations, one being reducing the number of HTTP requests, which increase load time.

With both goals defined, we can see that applying front-end optimization to a website inherently reduces the need for security at the origin, as much of the rendering work is focused on the front end without needing to go back to the origin server. Additionally, through the use of the front-end optimization techniques listed below, users can avoid some of the security risks involved in navigating between pages in a site, clicking on third-party content, and filling out forms.

1. Code obfuscation
2. Leveraging the HTML5 local storage capabilities with specific reference to JavaScript resource consolidation
3. Iframe sandboxing to avoid phishing and the injection of third-party scripts
4. Cacheable Ajax (with non-personalized data)
5. Asynchronous JavaScript (defer execution to the onload event)
6. Image lazy loading (the pros and cons)

Security benefits are observed at the browser level through the use of the above optimizations that enhance the end-user experience.

Sonia Burney

Akamai

Sonia Burney is a solutions architect at Akamai Technologies with a background in frontend web development. Sonia’s main area of expertise is web performance with a strong focus on frontend optimizations that help enhance the user experience.

Sabrina Burney

Akamai

Sabrina Burney is a solutions architect at Akamai Technologies. With a background in programming, her current focus of work and study involves security and protecting web infrastructures.
