
Quick Wins for Better Website Security (Dan Callahan)


Learn quick and easy techniques to improve your website's security, protect against session hijacking, and defend against XSS and data injection attacks.

This talk will cover simple but lesser-known techniques for dramatically improving your website's security, including:

1. HTTP Strict Transport Security (HSTS)
2. Content Security Policies (CSP)
3. Secure / HttpOnly cookies
4. XSS Protection
5. Frame Options
6. Isolated domains for user content
7. Avoiding passwords altogether
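As an added example (not part of the slides or the speaker's code), a Python WSGI middleware that applies items 1 through 5 of this list as response headers and cookie flags, alongside an audit function a defender can run over any response's header list to see which items are still missing. The policy values, the demo app and the constructed request are illustrative assumptions; items 6 and 7 are architectural choices and are not covered by headers.

```python
# Added example, not from the talk: WSGI middleware applying checklist items 1-5
# (headers and cookie flags) and an audit listing what a response still lacks.
SECURITY_HEADERS = {  # policy values are constructed, not the speaker's
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-XSS-Protection": "1; mode=block",  # legacy filter; modern browsers ignore it
    "X-Frame-Options": "DENY",
}

def cookie_attrs(set_cookie):
    """Split a Set-Cookie value into (name=value, {lowercase attribute names})."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    return parts[0], {p.split("=", 1)[0].lower() for p in parts[1:]}

def harden_cookie(set_cookie):
    """Append Secure and HttpOnly to a Set-Cookie value when they are absent."""
    _, attrs = cookie_attrs(set_cookie)
    extra = [f for f in ("Secure", "HttpOnly") if f.lower() not in attrs]
    return "; ".join([set_cookie.rstrip("; ")] + extra)

def audit_headers(headers):
    """Return the checklist items missing from a list of (name, value) headers."""
    present = {name.lower() for name, _ in headers}
    missing = [n for n in SECURITY_HEADERS if n.lower() not in present]
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookie, attrs = cookie_attrs(value)
            missing += [f"{flag} on cookie {cookie.split('=')[0]}"
                        for flag in ("Secure", "HttpOnly") if flag.lower() not in attrs]
    return missing

def security_headers_middleware(app):
    """Wrap a WSGI app so every response passes audit_headers()."""
    def wrapped(environ, start_response):
        def patched(status, headers, exc_info=None):
            out = [(n, harden_cookie(v) if n.lower() == "set-cookie" else v)
                   for n, v in headers]
            out += [(n, SECURITY_HEADERS[n]) for n in audit_headers(headers)
                    if n in SECURITY_HEADERS]
            return start_response(status, out, exc_info)
        return app(environ, patched)
    return wrapped

def demo_app(environ, start_response):  # constructed app: cookie has no flags set
    start_response("200 OK", [("Set-Cookie", "session=abc123; Path=/")])
    return [b"hello"]

def response_headers(app):  # call a WSGI app with a constructed GET, return headers
    captured = []
    app({"REQUEST_METHOD": "GET"}, lambda s, h, exc_info=None: captured.extend(h))
    return captured
```

Running `audit_headers(response_headers(demo_app))` reports all four headers plus both cookie flags as missing; wrapping the same app in `security_headers_middleware` brings the report down to an empty list.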

PyCon Canada

August 11, 2013


Transcript

1. Columns: TRANSMIT / RENDER / STORE. Items: SSL, Secure Cookies, Strict Transport Security, HttpOnly Cookies, XSS Protection, Content Security Policy, Frame Options
2. Columns: TRANSMIT / RENDER / STORE. Items: SSL, Secure Cookies, Strict Transport Security, HttpOnly Cookies, XSS Protection, Content Security Policy, Frame Options, User Content Domain, Don’t Store Passwords
3. Columns: TRANSMIT / RENDER / STORE. Items: SSL, Secure Cookies, Strict Transport Security, HttpOnly Cookies, XSS Protection, Content Security Policy, Frame Options, User Content Domain