Web application and API security trends and threats
Sean Leach from Fastly examines traffic replays of a web attack, what the attacker was targeting, and the technologies that were used to block the attack in this video from Software Architecture 2015.
Most developers have no idea what DDoS, XSS, CSP, HSTS, etc. are, but they’re critical to the availability and security of a web application. This video covers some of the latest improvements in Web PKI (SSL/TLS) that a website should absolutely be using in its web stack.
The PKI/TLS discussion is especially relevant given the continued turmoil around governments snooping on end-user traffic. There are few resources on the web that review how you should configure SSL/TLS, and this talk will go over the proper setup to make sure web application end users are protected.
Editor’s note: This video was originally recorded in March 2015 at the O’Reilly Software Architecture Conference.