Security is a big problem on the Internet, and Web applications need to have security baked in almost from the first day in order to avoid being attacked and/or exploited. But security needs and concerns can be so overwhelming that a new site might decide to put off worrying about security at all. In this talk, Jacob Kaplan-Moss describes which staff members should be thinking and worrying about security (everyone), how to plan for problems, and what to document — as well as considerations regarding the implementation of security policies in code and tests. If you’re a Web developer, then you should at least think about these security issues.
The Web is amazing, for sure — but it has also failed to live up to many of our (and its) initial promises. There are a lot of bad guys out there, making it unsafe for ordinary people. It’s not as secure as we would like. And of course, it’s not as fast as we would like. What does this mean, and what can we do about it? In this talk, Chris Morgan describes a number of ways in which the Web’s infrastructure can and should change, so that we can benefit even more from the Web as it currently exists. If you’re a Web developer, then you’ll likely identify with many of the things mentioned in this talk. It’ll also explain some of the motivations for the Rust language, and the ways in which Rust tries to improve on other languages in all of these areas.
Continuing the discussion of Web security from yesterday’s lecture, today’s talk describes many of the vulnerabilities in modern Web applications — and then goes on to discuss how you can defend against them, as well as test your applications for such holes. Michael Coates, an expert in Web security, looks at some of the most common problems that Web applications experience.
What does “Web security” mean? This lecture, part of a course at MIT, provides an overview of the challenges facing Web applications nowadays. The instructor, James Mickens, talks about a variety of problems, many of which revolve around the complexity of modern browsers. If you didn’t think that the Web was scary before this talk, you will be worried after watching it!
Bo Jeanes demonstrates some absolutely amazing things that you can do with ssh. If you use ssh, then you will likely learn a bunch of new tricks from watching this talk. If nothing else, seeing text-based slides is itself worthwhile.
In this talk from PyCon 2014, Jessica McKellar introduces the idea of a software sandbox, and reviews the ways in which we can and should (and also shouldn’t) create such a system.