Let the browser help you secure your web application
Modern browsers are packed with powerful security mechanisms – yet many web applications fail to take full advantage of them. In this talk, we’ll explore how the browser can become your strongest ally in defending against common web vulnerabilities. We’ll dive into built-in features like Content Security Policy (CSP), Subresource Integrity (SRI), HttpOnly cookies and Trusted Types that help mitigate cross-site scripting, data leaks and other client-side attacks. You’ll learn practical ways to configure these protections, understand their trade-offs and integrate them into your development workflow. Whether you’re building a single-page app or a server-rendered web application, you’ll walk away with concrete techniques to let the browser help you secure your web application.
Problems addressed:
XSS is still an attack vector in most web applications, even though the browser provides useful features to prevent XSS attacks.
Talk language: English
Level: Advanced
Target group: Software Developers, Web Developers, Technical Leads
Company:
RolandK Consulting GmbH
Roland König