Contribute Media
Viewing PR #272
A thank you to everyone who makes this possible: Read More

Browser security with HTTP headers

Description

This talk was presented at PyBay2019 - 4th annual Bay Area Regional Python conference. See pybay.com for more details about PyBay and click SHOW MORE for more information about this talk.

Description Browsers provide many ways to help keep your users and their data secure. In this talk, learn about what security features are available and how to enable them in Flask, Django, or other web applications. This talk is targeted at intermediate web developers, but should be useful for beginners as well.

Abstract Each section will discuss a type of vulnerability and how the browser can be configured to protect users. Examples will be shown using Flask, but are applicable to other applications.

Overview of how browsers behave by default and what configuration is available. Cross-site Scripting and the X-XSS-Protection header Content sniffing and the X-Content-Type-Options header Clickjacking, using frames to trick users into clicking hidden content, and the X-Frame-Options header Cookie header options and content security History information and the Referrer-Policy header HTTPS headers: TLS certificates, HTTP redirection, and Strict Transport Security Content-Security-Policy controls where different types of content can be loaded from. Explain how to determine a good policy for an application. Validating security configuration https://www.ssllabs.com/ssltest/ https://securityheaders.com/ Using these tools and interpreting results. What do good and bad configurations look like?

About the speaker David Lord is a core maintainer of Flask and manages the Pallets open source organization. He is a member of San Diego Python, where he helps organize a weekly Python study group.

Sponsor Acknowledgement This and other PyBay2019 videos are via the help of our media partner AlphaVoice (https://www.alphavoice.io/)!

#pybay #pybay2019 #python #python3 #gdb

Details

Improve this page