The other side of webapp security

A presentation at Webcamp Zagreb in Zagreb, Croatia by Luka Kladaric

Protecting your backend and database is fine, but what about the users? How do we protect them, their browsers and computers?

There's a lot of focus on backend security, best practices, how to store passwords, how to do password recovery, encryption at rest, etc. But to exploit any of those someone needs to target a website specifically, and put a lot of effort into it.

But the users of those websites are exposed every day, and they access them through various insecure networks, including hotel and coffee shop wifi.

In this talk we will cover the usual suspects: HTTPS and certificates, but also talk about some newer tech like HSTS and CSP.
