Saturday 2:35 p.m.–3:05 p.m.
Quick Wins for Better Website Security
Dan Callahan
Audience level: Novice
Category: Security
Description
Learn quick, easy, and lesser-known techniques to improve your website's security, protect against session hijacking, and defend against XSS and data injection attacks.
Abstract
This talk covers simple but lesser-known techniques for dramatically improving your website's security, with an eye to what Django, Flask, and Pyramid provide out of the box.
Specifically:
1. HTTP Strict Transport Security (HSTS)
2. Content Security Policies (CSP)
3. Secure / HttpOnly cookies
4. Isolated domains for user content
5. Avoiding passwords
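As an added illustration of the first three items (not code from the talk or from Django, Flask, or Pyramid), the WSGI middleware below adds an HSTS header, a Content Security Policy, and the Secure/HttpOnly flags on every Set-Cookie header to any WSGI application, which all three frameworks expose. The header values, the demo app, and the request environ are constructed assumptions for the example; a real deployment would tune the CSP to the site's actual script and style sources.

```python
"""Added example: framework-agnostic WSGI middleware applying three of the
quick wins listed above (HSTS, CSP, Secure/HttpOnly cookies).
Header values are illustrative assumptions, not settings from the talk."""

# Assumed policy values for the example.
HSTS_VALUE = "max-age=31536000; includeSubDomains"
CSP_VALUE = "default-src 'self'; object-src 'none'; frame-ancestors 'none'"


def harden_cookie(set_cookie_value):
    """Append Secure and HttpOnly to a Set-Cookie value if they are missing.

    Secure keeps the cookie off plain-HTTP requests (session hijacking on the
    wire); HttpOnly keeps it out of reach of injected scripts (XSS)."""
    parts = [p.strip() for p in set_cookie_value.split(";") if p.strip()]
    # parts[0] is name=value; the rest are attributes such as Path or Max-Age.
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    if "secure" not in attrs:
        parts.append("Secure")
    if "httponly" not in attrs:
        parts.append("HttpOnly")
    return "; ".join(parts)


class SecurityHeadersMiddleware:
    """Wrap a WSGI app and add security headers to every response."""

    def __init__(self, app, hsts=HSTS_VALUE, csp=CSP_VALUE):
        self.app = app
        self.hsts = hsts
        self.csp = csp

    def __call__(self, environ, start_response):
        def hardened_start_response(status, headers, exc_info=None):
            new_headers = []
            seen = set()
            for name, value in headers:
                if name.lower() == "set-cookie":
                    value = harden_cookie(value)
                seen.add(name.lower())
                new_headers.append((name, value))
            # HSTS is only honoured by browsers over HTTPS, so emit it only
            # there; the app's own header wins if it already set one.
            if (environ.get("wsgi.url_scheme") == "https"
                    and "strict-transport-security" not in seen):
                new_headers.append(("Strict-Transport-Security", self.hsts))
            if "content-security-policy" not in seen:
                new_headers.append(("Content-Security-Policy", self.csp))
            return start_response(status, new_headers, exc_info)

        return self.app(environ, hardened_start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for a Django/Flask/Pyramid app that sets a session cookie."""
    headers = [("Content-Type", "text/html; charset=utf-8"),
               ("Set-Cookie", "sessionid=abc123; Path=/")]
    start_response("200 OK", headers)
    return [b"<h1>hello</h1>"]


def run_once(app, scheme="https"):
    """Call a WSGI app with a minimal constructed environ.

    Returns (status, header list, body bytes) so results can be inspected."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
               "wsgi.url_scheme": scheme}
    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    status, headers, body = run_once(SecurityHeadersMiddleware(demo_app))
    print(status)
    for name, value in headers:
        print(f"{name}: {value}")
```

Wrapping the framework's WSGI object (`application` in Django, `app.wsgi_app` in Flask, the object returned by `config.make_wsgi_app()` in Pyramid) with `SecurityHeadersMiddleware` applies the headers uniformly; the HTTPS check matters because an HSTS header sent over plain HTTP is ignored, so the redirect to HTTPS still has to happen first.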