Haunted: Chrome's vision for post-Spectre web development

Haunted: Chrome's vision for post-Spectre web development

Description:

Ahh, the web, an open platform where sites can communicate with each other, embed third-party content to unlock powerful features, make requests to arbitrary endpoints of other web applications...

Well. Isolation was never a thing on the web, and this creates a number of security issues ¤but Spectre took this to the next level.

In response to this new type of vulnerability, Chrome and other web browsers have worked to make attacks harder by implementing Site Isolation.But Site Isolation doesn't fix it all, and the house is still haunted: Spectre attacks are still possible. The risk is very real, and working JavaScript exploits have demonstrated the spooky potential of this class of attacks.

So, what can you do? In this session, we'll look at how you can keep your site secure and capable with Sec-Fetch- headers, Cross-Origin Opener Policy and more. We'll explore techniques and tooling that can help you adopt these features, and we'll finish with some thoughts of what Chrome envisions for the future of web security.

Speakers:

Maud Nalpas

Developer Relations Engineer, undefined

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo