Enhancing Application Security: Understanding and Utilizing Browser Security Features
Have you looked at HTTP headers lately? Not only are they unwieldy, but what do half of them mean? Furthermore, browsers are protecting us from more and more attacks, but what are all of these acronyms? SOP, CSP, XSS, HSTS, HPKP, CAA… at the end of the day, we just want usable AND secure applications. This talk will break down exactly what all of these acronyms and browser-enforced security policies mean. Attendees will learn implementation and long-term strategies in an effort to increase security posture without potentially sinkholing their users’ traffic. Whether you’re a first-time developer, multi-linguist application guru, or simply an app user who wants to know what all of this security fuss is about – this session will appeal to the entire security-conscious gamut.
Kevin is a Senior Application Security Consultant with experience working at several Fortune 500 enterprises. Although his particular expertise is geared toward hacking Web and Mobile applications, he is also experienced in the entire gamut from mainframes to embedded systems. Kevin is adamant about helping build up developers through security, which can be seen in his involvement within OWASP or while speaking at events like CodeMash or BSides.