Authors: Jean-Philippe Zolesio
2022-11-17

Integrating third-party code or using HTML WYSIWYG editors increases the risk of introducing untrusted code into web applications. But these are necessary tools and solutions needed to make a seamless and dynamic user experience. In my journey to learn how to execute untrusted code safely, I researched the different ways to solve the problem and the common pitfalls associated with each solution. I also discovered multiple Open Source Software (OSS) projects and decided to complete the set of solutions available with Coriolis. Once I built this new library, new possibilities were unlocked that were previously undreamable. In this presentation, I will present the usage of iframes as a solution and explain how to use them securely and which drawbacks they have, including the PostMessage API. I will also go through the popular options for handling unsecured third-party code with their respective pros and cons. Finally, I will go through how my solution addresses these limitations to provide a better developer experience and how you could do the same.

Authors: Jasvir Nagra, Pedro Fortuna
2021-09-24

tldr - powered by Generative AI

The presentation discusses the need for a holistic approach to client-side web isolation to improve web application security.
  • Current browser-based security features lack full isolation for browser-based apps
  • A holistic approach to client-side web isolation is needed to cover all angles of web application security
  • Reducing the size of the compartment, making the units stronger, and more developer-friendly is key to achieving this
  • Web Page Integrity is a sandboxing solution that can be seamlessly integrated into any web app

Authors: Miguel Calles
2021-09-24

tldr - powered by Generative AI

The presentation discusses the importance of implementing security measures in cloud computing, particularly in serverless technologies, to reduce costs and ensure data privacy.
  • Leverage temporary credentials and short-lived policies to mitigate risks
  • Monitor AWS service outages and failures to prevent data loss
  • Implement multi-region and multi-cloud designs to ensure application availability
  • Use local storage and session storage to store data in case of API call failures
  • Perform cost engineering to optimize application costs and reduce total cost to collect for toll operators
  • Implement proper cloud security principles to ensure data privacy and security
  • Resources for learning about serverless and serverless security include blogs, books, and cloud provider documentation