Speakers -> Adding features and blocking attacks using Web security instead of client-server security

QCon San Francisco 2010 Speakers Schedule Tutorials Tracks Social Events Exhibition Sponsors Volunteers Venue Travel Hotels Video Schedule About QCon Contact QCon	Presentation: "Adding features and blocking attacks using Web security instead of client-server security" Track: Securing the Web: Capabilities, JavaScript, and HTML Time: Thursday 14:05 - 15:05 Location: Concordia Room Abstract: Most Web applications use cookies to implement a security model familiar from client-server computing, in which clients communicate with a single server and never directly communicate with each other. But the Web's not a client-server system: the browser communicates with many servers at a time and users directly exchange links amongst themselves. Consequently, the client-server security model breaks down when applied to the Web, resulting in attacks like CSRF and clickjacking and preventing legitimate sharing amongst users. This talk explains how to use web-keys, a security model designed for the Web, to block common attacks and enable rich sharing among users.		Tyler Close, Works on Web Application security at Google Tyler Close works on Web Application security at Google, after spending 5 years at Hewlett-Packard Labs as a security researcher. Much of his work focuses on finding easier ways to implement and use applications that have useful security properties. He has published papers at the Financial Cryptography conference, WWW conference, NDSS, BlackHat, and others.

Presentation: "Adding features and blocking attacks using Web security instead of client-server security"

Tyler Close, Works on Web Application security at Google