MIT: Independent Activities Period: IAP

IAP 2016
Survey of Advanced Topics in Web Application Security

Chris Varenhorst

Jan/11 Mon 05:00PM-06:00PM 4-237

Enrollment: Unlimited: No advance sign-up

This 1-hour talk will be a survey of some of the more advanced types of web application attacks and defenses. I'll include live demos and anecdotes from Dropbox whenever appropriate. Some topics include history leaking through cache timing, clickjacking/UI redressing attacks, logged-out CSRF attacks, the benefits and challenges of deploying Content Security Policy on a large site, and implementing privilege separation for third-party JavaScript. Attendees should walk away with a broader knowledge of the types of attacks out there and how to defend against them.

Chris is a Course 6 alum and engineer at Dropbox where he leads the Developer Platform team.

Sponsor(s): Student Information Processing Board
Contact: Chris Varenhorst, sipb-iap16-web-security@mit.edu