Web Security and its rabbitholes
Most web developers probably know the Same-Origin Policy exists and have heard about XSS, but what they really need to know is how to defend their applications against actual threats without spending all their time doing it.
This workshop covers the threats specific to web technology and how to defend against them. It goes deep into the rabbitholes of browser security on occasion, but the main focus is on practical advice, and it features a few hands-on exercises.
- Intro to often-overlooked details of the Same-Origin Policy
- XSS and more - where does malicious code in a web app come from?
- Content Security Policy and how to roll it out without regrets
- What's possible in Supply Chain Security today?
- Supply Chain hygiene for localhost
Duration: 8 hours total with breaks and Q&A
Who should attend?
- Developers working on web applications - for basic web security awareness
- Tech Leads or Principal Engineers/Architects - for the deep dives and practical advice on CSP and Supply Chain Security
- Security Engineers working with web applications or adding security to legacy web applications
Requirements
- Basic knowledge of JavaScript for the browser and Node.js
- At least a month (yes, just a month should be enough) of experience working on web application products, as a front-end or back-end engineer.
- Chromium-based browser and Node.js LTS installed