Third party software dependencies and HTTP Security Headers
Details
Liam will be presenting a two part talk, starting with Vulnerabilities arising from third party software dependencies and concluding with HTTP Security Headers.
Abstract:
Modern software development entails the use of many libraries, machine images and so on. Such code is implicitly trusted and attackers can take advantage of this to exploit the systems that make use of it. This part of the talk will introduce some of the factors for software developers to consider when adding third party dependencies and discuss how attackers compromise these dependencies.
There are multiple HTTP security headers but many websites and web based applications do not implement them. This part of the talk will discuss key security headers, with details such as which headers are the easiest to implement and how to add headers to an existing website without breaking it. Tools and approaches for assisting with implementing the more powerful but also more complicated headers, will also be introduced.
Speaker:
Security was fun so I studied it, now it is my day job.
Venue:
Online, duh... ;-)
Link to be announced.