Securing a web (site/app/api): hands on!

Waterloo Technology Chautauqua

Every 4th Tuesday of the month

Agilicus Incorporated

87 King St W · Kitchener, ON

How to find us

ION! Or park behind, off Ontario/Halls Lane. Or Duke garage. 3rd floor, on the left, come on in.



Didn't get a lot of comments on topics.
This is one I've been working on for a bit, covered in a recent vid and blog.

I will go through how one assesses a web app/api/site for security and how to harden it, showing some of the tools.

I will then show some of the complex things you can do w/ a Web Application Firewall (WAF), using resty-lua-waf as an example, if you are stuck with a weak app and no way to fix its code.


- Content-Security-Policy
- XSS-*
- Cross-Origin Resource Sharing
- HTTP Strict Transport Security
- TLS setup

Feel free to open and be amazed @ the score of 0/100 (F).