Overview
This 30-minute conference talk from OWASP Global AppSec Tel Aviv covers web platform security features designed to protect modern web applications. It reviews the vulnerability classes that have historically plagued web applications, such as XSS, CSRF, and clickjacking, and introduces the new security mechanisms available in 2019 web browsers, explaining how to implement them effectively. The major threats are drawn from an analysis of thousands of vulnerability reports received by Google through its Vulnerability Reward Program, which identifies common themes among seemingly unrelated bugs. The talk focuses on the most frequent high-risk problems and the protective mechanisms modern browsers offer against them, including CSP3, Trusted Types, Fetch Metadata Request Headers, and CORP/COOP. The speaker, Lukas Weichselbaum, is a Staff Information Security Engineer at Google with over a decade of industry experience and a focus on securing web applications against common vulnerabilities.
Syllabus
Intro
Common Web Security Flaws
Isolation
Resource Isolation
Resource Isolation Example
Cross-Origin Opener Policy
CSP
TLDR
Taught by
OWASP Foundation