Protecting your backend and database is fine, but what about the users? How do we protect them, their browsers and computers?
There's a lot of focus on backend security, best practices, how to store passwords, how to do password recovery, encryption at rest, etc. But to exploit any of those someone needs to target a website specifically, and put a lot of effort into it.
But the users of those websites are exposed every day, and they access them through various insecure networks, including hotel and coffee shop wifi.
In this talk we will cover the usual suspects: HTTPS and certificates, but also talk about some newer tech like HSTS and CSP.