This week I had the honor and pleasure of presenting at W3Conf, the W3C's first-ever developer conference. I saw some truly amazing work that is expanding the idea of what the Web can be, and all built using open standards.
In that theme, Scott Stender of iSEC Partners and I gave a talk for developers titled "The Future of Web Application Security". We highlighted how growing complexity and capability, new data flows, and the use of Web APIs in all types of clients mean that Web App Security can no longer be a strictly server-side concern. Client-side apps must be designed, built and tested to be able to defend themselves. Luckily, standards being developed in the W3C Web Application Security WG and elsewhere, such as Cross-Origin Resource Sharing and the Content Security Policy, are finally giving developers better ways to build securable client-side mashups in a least-privilege environment.