19 Oct 2017
15:55 - 16:45
Their problems are your problems: securing a 3rd-party web
The more you can control, the easier it is to maintain security. But today’s web doesn’t work that way. The rise of open-source development means that much of the code in our applications was written by someone else. Serverless and PaaS approaches mean that our servers are managed by someone else. And a host of third-party services for analytics, testing, reporting and much more means that we’re pulling code into our sites from domains we don’t control.
We can’t, and shouldn’t, avoid these approaches—the benefits are far too great to ignore—but we need to tread with care. We offload so much responsibility, but we assume all the risk. If something goes wrong, it’s our users and our businesses that will suffer.
In this talk, we’ll explore the rise of the third-party web. We’ll learn what we can do to protect our applications and keep them secure, even when so much is beyond our control.