Secure Composition: How Tooling Can Improve Security

  • Date 20 Nov 2019 - Wednesday

Secure Composition: How Tooling Can Improve Security

20 Nov 2019, 15:00 - 15:45

Geek Street
Language:
English

Lessons learned in Google engineering about how tools are ideally placed to preserve important security properties. This talk discusses template languages, a widely used tool that sits between untrusted inputs and oft-trusted outputs.

Topics addressed include:

  • How almost all template languages fall short with respect to XSS-safety.
  • The "link litmus test" which shows how to distinguish a "safe" template language.
  • Defining "safe" in this context. 
  • How Google re-engineered its template languages to be safe.
  • How modern client-side frameworks present challenges.
  • How some, like React, are adapting based on these insights.

Learning Outcome:

  • Get a better understanding of tool tradeoffs.
  • Learn arguments that help when guiding developers towards safer tools.
  • Build intuitions relating to a common class of attacks.
  • Learn upcoming features in popular frameworks to keep an eye on.
  • See how specific technical factors in security can enable organizational factors.

 

Contributors

  • Mike Samuel

    Speaker

    Security Engineer

    Google

    Mike Samuel works on Google's technical infrastructure team improving libraries and programming languages to make it easier to produce secure &...

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies.