SecAppDev 2019 has ended
Monday, February 18 • 11:00 - 12:30
The security model of the web

The web still depends on the same security model as it did 20 years ago. Even if somewhat flawed, that security model is essential for building secure applications.

The web has undergone a dramatic transformation since the first static HTML documents. However, the underlying security model remains mostly unchanged. Its flaws have resulted in nefarious security vulnerabilities. But to be fair, the security model is also the foundation of many modern defenses. And in today's client-side applications, the web's security model is an essential cornerstone.

In this session, we make this underlying security model explicit. We show that the Same-Origin Policy is too liberal. As a result, we suffer from attacks such as Cross-Site Request Forgery, cross-site scripting, and more. We also explore how you can use the security model to your advantage, applying concepts such as domain separation and origin isolation. Overall, this session offers the foundation for other web security topics here at SecAppDev.

This session is intended for anyone building, designing or securing web applications.


Philippe De Ryck

Founder, Pragmatic Web Security

Monday February 18, 2019 11:00 - 12:30 CET
Main building (room Lemaire)