Building Layers of Defense with Spring Security

Explore layers of defense in application security using Spring Security in this GOTO Amsterdam 2017 conference talk. Dive into essential concepts like authentication, authorization, and web security. Learn how to implement crucial security measures including HTTP headers, CSRF protection, and CORS attack prevention. Discover techniques for securing method invocations, implementing multi-tenancy, and ownership-based access control. Gain insights on browser caching, content sniffing prevention, and protection against clickjacking and cross-site scripting attacks. Understand the importance of HTTPS, proper session management, and secure password handling. Apply these concepts to build robust, multi-layered security for modern web applications using the Spring Framework.

Introduction
Who am I
What is security
Application level security
Layers of defense
Redundancy
Spring Security
Application Security
Getting Started
Authentication Manager
Web Security
Authorization
Default Setup
Default Login Page
Browser Caching
Browser Headers
Content Sniffing
HTTP Strict Transport Security
Clickjacking Attacks
XFrame Options
Reflected CrossSite Scripting
Public Key Pinning
Headers
CSRef Protection
Custom Tokens
State Changing Operations
Session Scope Token
Single Page Applications
CSRF Security
Authorization Requests
Limitations
Ordering Rules
Denial of Access
Gutshots
NetEnabled
Method Security Annotation
PostAuthorize
Custom Functions
Method Level Security
Net Roles Allowed
Accessing Current Users
Custom Authorization
Access Control List
HTTPS Everywhere
Coverage Sessions
Passwords
Conclusion
Defaults