Friday, May 12 • 12:25 - 12:40
Increasing web apps security with the power of http headers

Nowadays everyone uses web browsers on a daily basis for various tasks such as reading emails or purchasing on ecommerce portals. Web developers often forget that a browser is a piece of software that can be used as a remote code execution engine, and can be used to inject malicious code either by exploiting a Cross-Site Scripting (XSS) vulnerability or by executing a MITM attack. The focus of this talk is to explain how new browser headers (HSTS, HPKP, CSP) can help to easily add an extra layer of security in order to defend against common web security vulnerabilities.

These could be the talking points:
- Introduction to web browser security, explaining why secure transport is important and what HTTPS provides in terms of confidentiality, authenticity and integrity.
- Analysis of new headers, such as HTTP Strict Transport Security (HSTS), HTTP Public Key Pinning (HPKP) and Content Security Policy (CSP), explaining how they work to avoid HTTPS, XSS and clickjacking attacks.

Jose Manuel Ortega

I’m a Software Engineer really focused on new technologies, open source, security and testing. My career has been focused from the beginning on specializing in Python and security testing projects. In recent years I've been interested in security development, especially on web and mobile...

Friday May 12, 2017 12:25 - 12:40
Waterfront Center: Lightning Room