Book Description

A recent survey from the Pew Research Center found that few Americans are confident about the security or privacy of their data—particularly when it comes to the use of online tools. As a web developer, you represent the first line of defense in protecting your users’ data and privacy. This report explores several techniques, tools, and best practices for developing and maintaining web apps that provide the privacy and security that every user needs—and deserves.

Each individual now produces more data every day than people in earlier generations did throughout their lifetimes. Every time we click, tweet, or visit a site, we leave a digital trace. As web developers, we’re responsible for shaping the experiences of users’ online lives. By making ethical, user-centered choices, we can create a better Web for everyone.

  • Learn how web tracking works, and how you can provide users with greater privacy controls
  • Explore HTTPS and learn how to use this protocol to encrypt user connections
  • Use web development frameworks that provide baked-in security support for protecting user data
  • Learn methods for securing user authentication, and for sanitizing and validating user input
  • Provide exports that allow users to reclaim their data if and when you close your service

This is the third report in the Ethical Web Development series from author Adam Scott. Previous reports in this series include Building Web Apps for Everyone and Building Web Apps That Work Everywhere.

Table of Contents

  1. Preface
    1. What Are Ethics?
      1. Professional Ethics
    2. Intended Audience
  2. 1. Introduction
    1. Our Responsibility
  3. 2. Respecting User Privacy
    1. How Users Are Tracked
    2. What Does Your Browser Know About You?
    3. Do Not Track
      1. Detecting Do Not Track
      2. Respecting Do Not Track
      3. Sites that Respect Do Not Track
    4. Web Analytics
    5. De-identification
    6. User Consent and Awareness
      1. Creating a Do Not Track Policy
    7. Further Reading
  4. 3. Encrypting User Connections with HTTPS
    1. How HTTPS Works
      1. How the TLS Connection Works
    2. Why Use HTTPS
      1. User Privacy and Security
      2. Site Authenticity
      3. Browsers Deprecating HTTP
      4. Improved Search Rankings
    3. Implementing HTTPS
      1. Let’s Encrypt
      2. Other Certificate Options
    4. Other Considerations
      1. Redirect HTTP to HTTPS
      2. HTTP Strict Transport Security
      3. Mixed Content and Relative URLs
      4. Secure Cookies
    5. Conclusion
    6. Further Reading
  5. 4. Securing User Data
    1. Building on a Strong Foundation
    2. OWASP Top 10
    3. Secure User Authentication
      1. Creating Our Own Login System
      2. OAuth 2.0
      3. Password Strength
      4. Multifactor Authentication
      5. Other Types of Authentication
    4. Encrypting User Data
    5. Sanitizing and Validating User Input
    6. Cross-Site Request Forgery Attacks
    7. Security Headers
      1. Content-Security-Policy (CSP)
      2. X-Frame-Options
      3. X-XSS-Protection
      4. X-Content-Type-Options
      5. Checking Security Headers
    8. Security Disclosures and Bug Bounty Programs
    9. Conclusion
    10. Further Reading
  6. 5. Preserving User Data
    1. Data Ownership
    2. Deleting User Data
    3. Archiving and Graceful Shutdown
    4. Further Reading
  7. 6. Conclusion