View the Full Schedule

Browser Serving Your Web Application Security

One important concept in web application security is defense in depth. You protect your server, your network, your database and your application, but what about the user browser? Can it be done? Yes! Several new technologies and protocols to assist security has been added to the browsers. Several should be added, activated and configure from your web server or web page. In this presentation we will explore these technologies and learn how to use them. You'll learn about the Robots meta tags (for crawlers indexing), Browsing Compatibility, XSS and Clickjaking Protection, SSL/TLS Control, and Content Security Policy.

Philippe Gamache

Philippe Gamache (@philoupedia)


Philippe Gamache contributes to PHP since 1999: promotion, participation at local user groups, organizing conferences, speaking at conferences and writing technical articles. He works especially with Symfony, specializing in security, code quality, and performance. Co-author of a PHP security book called "Sécurité PHP 5 et MySQL". He was a member of the executive board of Montreal's OWASP (Open Web Application Security Project) group for several years. Now a big part of his work is to help the PHP community to adopt new tools like kuzzle to add a real-time engine, subscription and notification mechanisms, geolocation/geofencing, advanced search features and more protocols to their applications.