From imec-DistriNet, KU Leuven
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program. This training program ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners, enabling them to build better and more secure applications. During his PhD, Philippe also published the "Primer on Client-Side Web Security”, a book giving an in-depth overview of the current security landscape.
Spring Security is a core component of the Spring framework, and plays an important role in securing Java-based Web applications. One of the features offered by Spring Security is the configuration of HTTP response headers. A few examples are the X-FRAME-OPTIONS header, the Strict-Transport-Security header or the Public-Key-Pins header. Each of these headers enables a specific browser-based security mechanism, countering very specific threats in the web platform.
Even though Spring Security does a remarkable job by enabling many of these security features by default, understanding the key concepts behind these headers remains essential. How many times have you turned off a protection measure, just because it got in the way? In this session, we explore a real-life example application, where I will show you step by step how you can leverage the full potential of each of these security headers. At the end of this session, you will have a good understanding of the purpose of these recent security technologies, and their potential impact on your application. In essence, you will be able to make informed choices about the right security technologies to deploy in your application.