Web application and API security trends and threats
Sean Leach from Fastly examines traffic replays of a web attack, what the attacker was targeting, and the technologies that were used to block the attack in this video from Software Architecture 2015.
![City walls](https://www.oreilly.com/content/wp-content/uploads/sites/2/2020/01/city-walls-1400-dd4c1b724d0879ecbf089d4cbc24aeb6.jpg)
Most developers have no idea what DDOS, XSS, CSP, HSTS, etc. are, but they’re critical to the availability and security of a web application. This video covers some of the latest improvements in Web PKI (SSL/TLS) that a website should absolutely be using for their web stack.
The PKI / TLS discussion is especially relevant given the continued turmoil around governments snooping on end user traffic. There are few resources on the web that review how you should configure SSL/TLS, and this talk will go over the proper setup to make sure web application end users are protected.
Editor’s note: This video was originally recorded in March 2015 at the O’Reilly Software Architecture Conference.