Browser security with HTTP headers - David Lord
This talk was presented at PyBay2019 - 4th annual Bay Area Regional Python conference. See pybay.com for more details about PyBay and click SHOW MORE for more information about this talk. Description Browsers provide many ways to help keep your users and their data secure. In this talk, learn about what security features are available and how to enable them in Flask, Django, or other web applications. This talk is targeted at intermediate web developers, but should be useful for beginners as well. Abstract Each section will discuss a type of vulnerability and how the browser can be configured to protect users. Examples will be shown using Flask, but are applicable to other applications. Overview of how browsers behave by default and what configuration is available. Cross-site Scripting and the X-XSS-Protection header Content sniffing and the X-Content-Type-Options header Clickjacking, using frames to trick users into clicking hidden content, and the X-Frame-Options header Cookie header options and content security History information and the Referrer-Policy header HTTPS headers: TLS certificates, HTTP redirection, and Strict Transport Security Content-Security-Policy controls where different types of content can be loaded from. Explain how to determine a good policy for an application. Validating security configuration https://www.ssllabs.com/ssltest/ https://securityheaders.com/ Using these tools and interpreting results. What do good and bad configurations look like? About the speaker David Lord is a core maintainer of Flask and manages the Pallets open source organization. He is a member of San Diego Python, where he helps organize a weekly Python study group. Sponsor Acknowledgement This and other PyBay2019 videos are via the help of our media partner AlphaVoice (https://www.alphavoice.io/)! #pybay #pybay2019 #python #python3 #gdb

HTTP Headers for the Responsible Developer • Stefan Judis • GOTO 2019

HTTP Security Headers In Action - Sven Morgenroth - PSW #652

Beyond Paradigms - Luciano Ramalho

Same-origin policy: The core of web security @ OWASP Wellington

HTTP Security Headers You Need To Have On Your Web Apps - Scott Sauber - NDC London 2021

HTTP Headers and Cookies

Ryan Seddon: So how does the browser actually render a website | JSConf EU 2015

Missing HTTP Security Headers - Bug Bounty Tips

14. SSL and HTTPS

Practical Web Cache Poisoning: Redefining 'Unexploitable'

Web Application Security Fundamentals (must know basics for developers, testers and hackers)

HTTP Request Response Headers Tutorial In Detail | HTTP Headers Tutorial

HSTS - HTTP Strict Transport Security - Protect against SSL Stripping attack - Practical TLS

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

Web App Pentesting - HTTP Headers & Methods

HTTP Security Headers | Part 01

Content-Security-Policy: Offensive vs Defensive Tactics

HTTP Headers - The State of the Web

HTTP Cookies Crash Course

