The web is broken: let's fix it.
The web platform security model didn't age well and most widespread security issues have been there for over 15 years. With XSS, CSRF, XSSI and cross-site leaks being rampant and plaguing the WWW, browsers vendors and security engineers decided to join efforts and design some new security features for the web. This talk will walk trough those new features and how adding security to your web applications is now easier and less error-prone.
Roberto became a Security Engineer at Google after spending two years working as a penetration tester and code reviewer for Secure Network. He loves to write, hack, customize, patch and tailor any software that allows him to do so.
Michele Spagnuolo is a Senior Information Security Engineer at Google focusing on security enhancements and mitigations for web applications. He co-authored the W3C Content Security Policy 3 specification. Other works include Rosetta Flash and BitIodine.