The date for the release of slides and videos has not been determined.  
Please, visit the event site for further information.
Back To Schedule
Wednesday, May 29 • 11:20am - 11:50am
Security for Modern Webapps: New Web Platform Security Features to Protect your Application

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Web applications have historically been plagued by vulnerabilities which allow attackers to compromise the session of a logged-in user: XSS, CSRF, clickjacking and related issues. Luckily, new security mechanisms available in web browsers in 2019 offer exciting features which allow developers to protect their applications. In this talk, we'll introduce these features and explain how to most effectively use them.
We'll start by reviewing major threats based on an analysis of thousands of vulnerability reports Google receives each year under our Vulnerability Reward Program. We will find common themes between bugs which appear unrelated and focus our attention on the most frequent high-risk problems.
We'll then turn our attention to protective mechanisms implemented in modern browsers, which address entire classes of security problems. This includes CSP3 and Trusted Types to prevent XSS, Fetch Metadata Request Headers to protect from CSRF, and CORP/COOP to mitigate the threat of Spectre.

avatar for Lukas Weichselbaum

Lukas Weichselbaum

Staff Information Security Engineer, Google
Lukas Weichselbaum is a Staff Information Security Engineer at Google with 10+ years of industry experience who frequently speaks at international infosec and developer conferences.He's passionate about securing Web applications from common Web vulnerabilities and leads the Google-wide... Read More →

Wednesday May 29, 2019 11:20am - 11:50am IDT
Hall A