The web still depends on the same security model it did 20 years ago. Even though that model is flawed in places, it remains essential for building secure applications.
Abstract

The web has undergone a dramatic transformation since the first static HTML documents, yet the underlying security model remains mostly unchanged. Its flaws have resulted in serious security vulnerabilities. To be fair, the same security model is also the foundation of many modern defenses, and in today's client-side applications it is an essential cornerstone.
In this session, we make this underlying security model explicit. We show that the Same-Origin Policy is too liberal: it restricts reading across origins but not sending, and it treats everything inside an origin as equally trusted. As a result, we suffer from attacks such as Cross-Site Request Forgery, Cross-Site Scripting, and more. We also explore how you can leverage the security model for better security, using concepts such as domain separation and origin isolation. Overall, this session offers the foundation for the other web security topics here at SecAppDev.
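The following example is added to illustrate the two points in the abstract; it is not code from the session or the speaker. It models, in plain JavaScript, what the Same-Origin Policy restricts and what it leaves open (why a cross-site form POST with the victim's cookies is permitted), and then shows a server-side check that uses the browser's own origin information (the Sec-Fetch-Site and Origin request headers) to reject cross-site state-changing requests. The header names and SameSite semantics are real browser behaviour; every URL, cookie attribute and request object below is constructed for the example, and the "site" computation is simplified as noted in the comments.

```javascript
// Added example (not the session's code). Models the Same-Origin Policy (SOP),
// the SameSite cookie rules that decide whether a CSRF request carries
// credentials, and a server-side origin check. All inputs are constructed.

// An origin is the (scheme, host, port) triple. URL.origin folds default
// ports in, so "https://app.example:443" and "https://app.example" match.
function originOf(urlString) {
  return new URL(urlString).origin;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// "Site" is looser than origin: scheme plus registrable domain. A real
// implementation consults the Public Suffix List; taking the last two host
// labels is an assumption that only holds for plain TLDs such as .example.
function siteOf(urlString) {
  const u = new URL(urlString);
  const labels = u.hostname.split('.');
  return `${u.protocol}//${labels.slice(-2).join('.')}`;
}

function sameSite(a, b) {
  return siteOf(a) === siteOf(b);
}

// SOP gates *reading* a cross-origin response from script, never *sending*
// the request. A page can always submit a form or fire a "simple" fetch to
// another origin; it can read the reply only when same-origin or when the
// server opts in through CORS (Access-Control-Allow-Origin).
function canReadResponse(pageUrl, targetUrl, accessControlAllowOrigin = null) {
  if (sameOrigin(pageUrl, targetUrl)) return true;
  return accessControlAllowOrigin === '*' ||
         accessControlAllowOrigin === originOf(pageUrl);
}

// Whether the browser attaches a cookie to a request, by its SameSite
// attribute. "None" always sends it (the classic CSRF precondition), "Lax"
// still sends it on top-level GET navigations, "Strict" only within the site.
function cookieAttached(pageUrl, targetUrl, sameSiteAttr, method, topLevelNav) {
  if (sameSite(pageUrl, targetUrl)) return true;
  switch (sameSiteAttr) {
    case 'None':   return true;
    case 'Strict': return false;
    case 'Lax':    return topLevelNav && method === 'GET';
    default:       throw new Error(`unknown SameSite value: ${sameSiteAttr}`);
  }
}

// Server side: accept a state-changing request only when the browser says it
// originated from our own origin. Sec-Fetch-Site is set by the browser and
// cannot be written by page script; Origin is the fallback for browsers that
// do not send it. A request with neither header is rejected (fail closed);
// that is the caveat to weigh against non-browser or legacy clients.
function acceptStateChange(headers, trustedOrigin) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  if ('sec-fetch-site' in h) return h['sec-fetch-site'] === 'same-origin';
  if ('origin' in h) return h['origin'] === trustedOrigin;
  return false;
}

// Constructed CSRF scenario: attacker.test auto-submits a POST to bank.example.
const page = 'https://attacker.test/evil.html';
const target = 'https://bank.example/transfer';
console.log('SOP lets the attacker read the reply:', canReadResponse(page, target));
console.log('Session cookie (SameSite=None) is attached:',
  cookieAttached(page, target, 'None', 'POST', false));
console.log('Server accepts the forged request:',
  acceptStateChange({ 'Sec-Fetch-Site': 'cross-site', 'Origin': 'https://attacker.test' },
                    'https://bank.example'));
```

The interesting split is the first two lines of output: the browser refuses to let the attacker read the response, but it still sends the request with the victim's cookie. That gap is what the abstract means by the Same-Origin Policy being too liberal, and `acceptStateChange` closes it by asking the browser, through Sec-Fetch-Site, which origin the request came from.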
This session is intended for anyone building, designing or securing web applications.