Session
HTTP Security Headers You Need To Have On Your Web Apps
If you go check out SecurityHeaders.com, you'll see over half of applications get an F grade when it comes to correctly applying HTTP Security Headers. I've found well over half of developers don't even have a clue what a Security Header is. Yet every single web application out there needs them - even internal web applications. This likely means that many web applications are being exploited right now as you're reading this, due to this misconfiguration.
In this session, we'll explain a handful of HTTP Security Headers (including HSTS, CSP, XFO, and more) from the bottom up. We'll explain what they are, what they do, and how you can implement them to secure your sites. On each of these, we'll demo a before and after so you can see first hand what each of these security headers do.
By the end of this session, you'll be able to take away practical advice to start securing your web applications immediately when you go back to work.
Scott Sauber
Director of Engineering at Lean TECHniques Inc
Des Moines, Iowa, United States
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top