Abstract:
Building secure web applications is hard. Rails has a bunch of built-in security features, but some security risks are outside of Rails' purview. HTTPS encryption is a big one. Often as developers, we skip HTTPS in development and only run it in production. But this can lead to problems with per-customer hostnames, secure cookies, and mixed-content issues. The talk will include an overview of these problems, how (local) HTTPS works, and how it helps with secure development.
Bio:
Ben Burkert is the CTO of Anchor (https://anchor.dev/), a security product that helps companies deploy internal TLS encryption. Ben has been a Ruby developer since 2006 and has worked at various Bay Area startups including Heroku, GitHub, and Engine Yard.