Mike West is a Web Developer in Munich

Time 2020-07-28 19:03:32

Web Name: Mike West is a Web Developer in Munich

WebSite: http://mikewest.org

ID:37747

Keywords:

is,West,Mike,

Description:

works and plays on the internet. Currently working as a software engineer on Google's Chrome team in Munich, he tries to make the web platform marginally less insecure than it generally is. Drop him an email at mike@mikewest.org follow him on Twitter or circle him on Google+ Mike West builds websites that (on their best days) delight inform. He does it well. This is a quick summary of a presentation I gave last week at Google’s second CMS Security Summit, held here in Munich. TL;DR: Injection attacks are bad, isolation is lacking, and I’m looking forward to more collaboration on both fronts. I had the distinct pleasure of talking with folks at this year’s CSSConf EU about the dangers of content-injection attacks. They’re not just for JavaScripters, you see: CSS is dangerous too! They’ve just posted the video, and I think it’s worth a little under a half-hour of your time to skim through. Last week, I was in Zürich to chat about client-side security. Here, I’ve wrapped up an annotated transcript, along with the slides and video. I’m pretty happy with how the talk turned out: I think it’s a good representation of what I think is important in frontend security, and worth your time to peruse. After working with Blink’s implementation of window.onerror a little bit over the last week or so, I’m somewhat amazed that anyone ever used it for anything at all. Happily, we’ve made some big improvements in the last week or two that I think it’s worth highlighting here. At the end of last year, I presented ‘Securing the Client Side’ at Devoxx, and I’ve been meaning to put together a more accessible version of the talk for those who weren’t there. I think the topics are important, and worth the effort of updating this site for the first time in a year. cough. AngularJS has recently implemented support for Content Security Policy that restricts the use of eval(), new Function(), and other such text-to-JS conduits. This is a huge win, as CSP is one of the best protections modern browsers provide against XSS attacks. However, Angular’s implementation reveals a need for feature detection that the spec currently doesn’t address. This is my proposal for such an API. When you start Chrome, it attempts to connect to three random domains. I’ve seen a few theories about why exactly this happens that brush up against the nefarious. The true rationale is incredibly mundane: hopefully this short summary will clear things up. New Year’s resolutions come in all shapes and sizes; if you’re a web developer stuck for good ideas of things you could do to improve the world (or at least the tiny chunk of it that’s concerned with web performance and security) I’d like to propose two: secure all your websites, and use a cookieless domain for static assets. Back in November, I presented twice at the Google Developer Day in Tel-Aviv. The first of those talks has been uploaded, and I spent most of the afternoon transcribing it to post here. I wanted to give the audience (you!) an introduction to screen readers, and to building accessible websites and applications. I think it was pretty successful, and I hope you enjoy it if you watch at home. I had the opportunity to present a few demos during the Chrome section of Saturday’s Google Developer Day in Berlin (which, incidentally, was a blast). I expect a video to go up at some point in the vaguely near future, but, since I got more than a few questions about it, I’m throwing the links up here as a stopgap before the video’s released.

TAGS:is West Mike 

<<< Thank you for your visit >>>

Hot Websites