François is a Security and Privacy Engineer at Mozilla and a member of the W3C Web Application Security Working Group. During the day, he works to give web developers better tools for securing their websites, and to help users protect themselves online. At night, he contributes to Open Source projects such as Debian and Libravatar and occasionally finds time to write on his technical blog. He lives on the Left Coast and enjoys finding excuses to contribute to OpenStreetMap on his way to work.
English session - Intermediate
Most web developers have some knowledge of input sanitization and encryption, but what happens when you forget an edge case or when users are connected to a rogue access point?
Through the use of technologies like Strict Transport Security, Content Security Policy, Subresource Integrity, and Referrer Policy, web developers can instruct browsers to add a second layer of defenses against the most common attacks.