20121218

Client-side security

Key points:
-https (strict-transport-security header)
-xss
-escaping input
-filtering output
-content-security-policy (no inline scripts), report only mode possible
-sandboxing iframes with minimal rights


presentation - Mike West
Autors: j.k.

Nav komentāru:

Ierakstīt komentāru

Abonēt: Ziņas komentāri (Atom)