Web Security Training

Navigating the web security landscape

blogposts – Article

Leveraging 20-year-old technology to build more secure Web applications

Ever thought about the security consequences of including JavaScript files from just about anywhere? Or why Cross-Site Scripting attacks are so dangerous? It all comes down to the core security model of the browser, where resources from different origins are separated from each other by the Same-Origin Policy. An understanding of the Same-Origin Policy, the protection it offers and, most importantly, its limits, is crucial for building secure Web applications. In this post, we look into the history of the Same-Origin Policy, and we show how it falls short of protecting Web sites from malicious, third-party code. We conclude with concrete advice on how to integrate third-party code in a more secure way, something you should take to heart.

blogposts – Article

Are the free SSL/TLS certificates from Let’s Encrypt any good?

Since December 2015, Let’s Encrypt has been handing out free SSL/TLS certificates to anyone, hoping to improve the state of security on the Web. But are they any good? Surely they cannot compare to certificates from commercial CAs that cost a few hundred euros? Well, let me show you that you can not only save a lot of money, but also save a lot of time requesting and installing certificates.

trainingsessions – Resources

HTTPS, Here and Now

The slides from my presentation at the ICT Security Happening organized by the VDAB Competence Center in Leuven.

trainingsessions – Resources

Why Web Security Matters!

The slides from my presentation at the information day on online security for the municipalities of Flemish Brabant.

trainingsessions – Resources

Subresource Integrity

The slides from my presentation on Subresource Integrity at the EmberJS Belgium user group.