By day Tim Perry is a technical lead and the open-source champion at Softwire, guiding teams, building a variety of great software at every scale for Softwire's clients, and pushing Softwire to engage with and give back to the wider software development community. By night he's a prolific open-source contributor on huge variety of projects including Sinon.JS, Moment, Knockout & Lodash, along with some of his own such as loglevel and grunt-coveralls, and is feverishly keen on all things relating to automated testing, polyglot persistence, and good old-fashioned high-quality software development.
Securely setting up a web stack today is a tricky balancing act, as you gingerly balance frameworks and services and tools all atop one another, ever higher, to get all mod cons happily running together safely and correctly. One security flaw though, and the whole pile tumbles down on you to throw your customer passwords to the world. In this talk we take a stroll down through a modern web stack and examine some recent major security breakages in each layer to see how they work and why. With any luck we can work out how to avoid this sort of thing in future too, when either using or building such tools, but if all else fails we can at least relax from all the careful balancing with a little schadenfreude.