Sunday 2:15 p.m.–2:35 p.m. in Terrace
Quick Wins for Better Website Security
Dan Callahan
- Audience level:
- Intermediate
Description
Learn quick and easy techniques to improve your website's security, protect against session hijacking, and defend against XSS and data injection attacks.
Abstract
This talk will cover simple but lesser known techniques for dramatically improving your website's security, with an eye to what Django, Flask, and Pyramid provide out of the box.
This talk will explore:
- HTTP Strict Transport Security (HSTS)
- Content Security Policies (CSP)
- Secure / HttpOnly cookies
- Isolated domains for user content
- Avoiding passwords