Category Archives: Security

[Video 312] Jacob Kaplan-Moss: Minimum Viable Security

Security is a big problem on the Internet, and Web applications need to have security baked in almost from the first day in order to avoid being attacked and/or exploited. But security needs and concerns can be so overwhelming that a new site might decide to put off worrying about security at all. In this talk, Jacob Kaplan-Moss describes which staff members should be thinking and worrying about security (everyone), how to plan for problems, and what to document — as well as considerations regarding the implementation of security policies in code and tests. If you’re a Web developer, then you should at least think about these security issues.

[Video 172] Chris Morgan: Fast, secure, safe: the web that can still be

The Web is amazing, for sure — but it has also failed to live up to many of our (and its) initial promises. There are a lot of bad guys out there, making it unsafe for ordinary people. It’s not as secure as we would like. And of course, it’s not as fast as we would like. What does this mean, and what can we do about it? In this talk, Chris Morgan describes a number of ways in which the Web’s infrastructure can and should change, so that we can benefit even more from the Web as it currently exists. If you’re a web developer, then you’ll likely identify with many of the things mentioned in this talk. It’ll also explain some of the motivations for the Rust language, and the ways in which Rust tries to improve on other languages in all of these areas.

Michael Coates: Understanding, Exploiting and Defending against Top Web Vulnerabilities

Continuing the discussion of Web security from yesterday’s lecture, today’s talk describes many of the vulnerabilities in modern Web applications — and then goes on to discuss how you can defend against them, as well as test your applications for such holes. Michael Coates, an expert in Web security, looks at some of the most common problems that Web applications experience.

James Mickens: Web security

What does “Web security” mean? This lecture, part of a course at MIT, provides an overview of the challenges facing Web applications nowadays. The instructor, James Mickens, talks about a variety of problems, many of which revolve around the complexity of modern browsers. If you didn’t think that the Web was scary before this talk, you will be worried after watching it!