Network & Infrastructure Vulnerabilities
Even if you lock down both the client and the server side, it's still our responsibility as developers to keep users out of trouble when networks and certificates are tampered with.
Man-in-the-middle attacks, HTTPS and HSTS
There's a good reason that the entire internet is moving toward HTTPS: it is exceedingly easy to observe and tamper with plain HTTP traffic. However, HTTPS is not enough! We'll look at HTTP Strict Transport Security headers, and how we can save users from themselves.
Subresource Integrity (SRI)
What would happen if someone tampered with your CDN? Subresource Integrity (SRI) protects us from problems caused by a tampered CDN, even when everything else fails. We'll look at how an attack could be staged, and how SRI would save our users.
Wrap up and Recap
We'll recap everything we've covered, and provide references for further reading and learning.