The web used to be server-centric, and the browser was merely a rendering engine to display information. Today, the introduction of numerous new technologies has made the web client-centric. A similar evolution can be seen in web security technologies. In recent years, numerous new security technologies have emerged that are configured by the server and enforced by the browser.
In this session, we investigate why these server-driven browser-enforced policies are so popular. We will illustrate how quickly they have risen, and how browsers have become a major driver for security. But it’s not all unicorns and rainbows. These technologies allow you to mess up, making your applications unreachable. What’s even worse, these technologies can be used for malicious purposes as well, and there is not much that can be done about it.
The lecture provides an up-to-date view on web security, with evidence-backed recommendations on which technologies you should adopt first.
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group’s Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.
The Rise and Fall of Client-Side Web Security Technologies – Philippe De Ryck