Web Directions Conffab
Stream and download nearly 1,000 presentations from hundreds of world leading experts at 50 conferences…and counting
With free and paid levels, keep up to date with all that's happening in our industry at your own pace.
security, privacy, identity for front end developers
Until recently, security, privacy and identity have been considered the responsibility of security experts, back end developers and operations. But as browser privacy, security and identity APIs bring increasing capability to the front end, front end developers are gaining, along with the power, ever more responsibility.
We've created Safe for web and front end developers, for many of whom these issues are a relatively small part of their day-to-day. Our aim is to keep front end professionals up to date with developments in privacy, security and identity technologies and practices, to help them deliver safer, more secure (and better) web experiences.
Safe is for web and front end developers, engineering managers, CTOs–everyone responsible for developing web sites and applications.
All Web Directions conferences feature in-depth knowledge from real world experts. Some you'll know, many you won't, but all bring a world of experience and knowledge.
In response to the unique challenges of COVID-19 we transformed our conferences into remote only events. But we wanted to go way beyond what most online events deliver.
Building on the extensive work we've done with our conference presentation platform Conffab, we have re-imagined the conference experience from the ground up; our conferences are not just ports of traditional conferences to the Web.
With a focus on highly engaging, expertly filmed and edited, screen-oriented presentations, alongside spaces to connect, communicate and keep in touch with everything around the conference, you'll be immersed as if you were there–maybe even more so.
Most online conferences run just like in-person conferences–one or two jam-packed days of live streamed presentations. But with so many folks working remotely, and spending so much of their day in front of a screen, we felt it was imperative to rethink this and do something different.
Safe takes place over 2 consecutive Fridays in late 2021. It will run for around 4 hours each session (with a bit of downtime built-in). Plus we'll run it 3 times so wherever you are in the world, you can participate along with your peers, from the comfort of your own home (or maybe even your office).
We've brought together a world–class lineup of experts, covering everything you need to know about privacy, security, identity and payments as a front end developer.
It's a common practice to verify a phone number or implement two factor authentication by sending a one time password over SMS. We can all agree that it's a pretty terrible user experience though.
This process may increase security, but the friction can decrease conversion and the user experience in general. Android and iOS have APIs to combat this, so why not the web? In this talk we'll take a look at autocomplete and the WebOTP API to see how the web platform can help us build secure flows and a better experience all round.
Running other people's code is dangerous and some people will even tell you that you shouldn't do it. I'm here to tell you that actually, you can run other people's code safely. The solution is hardened JavaScript.
JSON Web Tokens, or JWTs for short, are all over the web. They can be used to track bits of information about a user in a very compact way and can be used in APIs for authorization purposes. Join me and learn what JWTs are, what problems they solve, and how you can use JWTs in your applications.
Privacy feels hard — but it doesn't need to be. If we move past a few confusing notions and the idea that we have to get everything perfectly right immediately, we can find ways to know what needs to be done and to get there step by step.
With how reachable the web is, everyone is building apps that run on it to target its massive number of users. Many of these web apps require sign-ups or authentication of some form. Learn how to build your web app around one of its core tenets, safety, and how you could use the Credential API to build a robust and secure web app on the modern web.
Authentication and authorization are daunting topics for many developers. Open standards for auth are well defined, but challenging to understand; OAuth, OIDC, JWT, IETF, PKCE?! I'll demystify the specs and concepts step-by-step, giving you the knowledge you need to tackle auth in your front-end apps.
In the world of continuous delivery and cloud native, the boundaries between what is our application and what constitutes infrastructure are becoming increasingly blurred. Our workloads, the containers they ship in, and our platform configuration are now often developed and deployed by the same teams, and development velocity is the key metric to success. This presents us with a challenge which the previous models of security as a final external gatekeeper step cannot keep up with. To ensure our apps and platforms are secure, we need to integrate security at all stages of our pipelines and ensure that our developers and engineering teams have tools and data which enable them to make decisions about security on an ongoing basis.
The web has a history of being an over-sharer. Original defaults tended to allow everything—with restrictions needing to be explicitly added by the site. Newer APIs follow the principle of least privilege, so that's better, but the challenge of maintaining backwards-compatibility still leaves sites with a lot of responsibility to create a safe experience for visitors. We'll explore how the platform is moving to safer defaults—from phasing out third-party cookies, removing passive fingerprinting surfaces, and enforcing cross-origin isolation. Alongside these ongoing efforts, we'll also go through the changes you can make today to protect your site—from improving cookie usage to locking down your third-party interactions. We will also explore some patterns for balancing appropriate collection of user information with protecting those same users from phishing or other forms of fraud.
As the web continues to evolve, it’s become increasingly challenging for developers to build secure web experiences that users can trust. Cross-site scripting (XSS) attacks continue to exploit many trusted web applications today, resulting in malicious JavaScript being injected and executed within a user’s browser. This can lead to catastrophic results such as the user’s session being hijacked and having their personal data stolen. This session will help you understand the latest developments in XSS and how to follow best practices to mitigate these types of attacks. You’ll walk away with a checklist to help validate that your applications are best secured to protect your users and digital brand.
Cryptography forms the backbone of how we securely use information online, but most developers don’t have more than a surface level understanding of cryptography. What's more, cryptography is so easy to mess up - even the experts get it wrong! In this talk, attendees will learn about the basic cryptographic algorithms, how to use cryptographic libraries correctly (and what to avoid), what common attacks you should be thinking about, and what emerging web cryptography technologies you should be paying attention to.
Year after year, Cross-Site Scripting (XSS) continues to be the most expensive type of web vulnerability found in bug bounty programs. The most common variant of XSS occurs on the client side, when untrusted user input is passed to dangerous DOM APIs. Trusted Types is a novel web browser API designed to eliminate DOM-based XSS. It locks down dangerous DOM sinks, asking developers to prove that input is safe by using an appropriate security policy to avoid triggering a Trusted Types violation. Analyzing results from Google's Vulnerability Reward Program, it has been shown to prevent at least 61% of DOM-based XSS that Google's static code analysis pipeline missed. In this talk we show how web applications can significantly strengthen their security posture against DOM-based XSS by adopting Trusted Types, as well as the steps required to identify, fix, and prevent future Trusted Types violations.
Trying to get paid on the Web today, as a creator, is broken and unfair. 70% of ad spend globally goes to only 2 platforms. Until recently, the Web couldn't natively compete.
A new W3C Standard proposal, Web Monetization, uses the Interledger Protocol to enable developers like you to make money from your work in an open, native, and seamless way. And all that with as little as a single line of HTML!
TBF
New technology is challenging the premise that we have to choose between more friction or more security for authenticating users. This talk will explore the benefits and drawbacks of frictionless authentication options beyond traditional one-time passcodes like biometrics, contextual data, or using devices as secure keys.
Voice recognition in call centers saves both the user and the agent time and frustration. IP address validation is a fast way to trigger additional checks. Device fingerprinting provides a seamless user experience for repeat visitors.
These kinds of frictionless background authentication checks have been deployed to increase trust and improve user experience but aren't a perfect solution: algorithms have bias, IP addresses can be spoofed, and people lose devices.
This talk will walk through three categories of frictionless authentication: biometrics, contextual data, and using devices as keys. We'll discuss the pros and cons of different solutions, including how to make your users feel secure when they don't see the security happening. Finally, we'll offer recommendations for adding frictionless authentication to your application.
We have diversity scholarships available for all our events. These provide full attendance just like any other attendee. We don't draw attention to those who have received a scholarship, but do look to make connections between them, and with our diversity sponsors, to help ensure the most valuable possible experience.
Our Scholarships focus on people who are unemployed, under-employed, self employed or in the early stages (up to 3 years) of their careers who identify as belonging to a group or groups under-represented at events like ours, and who might otherwise find it difficult to afford to attend.
Read more and apply at our diversity page.
We work closely with our partners and their technologies to deliver world leading online conferences.
Contact us for more on how we can work with you to help you be even more awesome.
Web Directions is the must-attend event of the year for anyone serious about web development.
Phil Whitehouse,
Innovation Lead DigitasLBi
I’ve been admiring the Web Directions events for years, and was honored to be part… What a fantastic event!
Ethan Marcotte,
inventor "responsive Web design"
Out of any conference, Web Directions is far and away our favourite
Dave Greiner,
founder Campaign Monitor
Co-founded and now run by John Allsopp, Web Directions has for nearly 20 years brought together leading developers, engineers, visual, IxD, UX and product designers, Art and Creative Directors, product managers, indeed everyone involved in producing web and digital products, to learn from one another and from the World's leading experts across this vast field.
We spend our lives thinking about what comes next, keeping up with trends in technology, practices and processes, and filtering the hype, to make sure you don't miss trends that matter, and don't waste time on hype that doesn't.
We promise attending one of our events will leave you significantly better versed in the challenges you face day to day, and in solutions for addressing them.
John Allsopp has been working on the Web for nearly 30 years. He's been responsible for innovative developer tools such as Style Master, X-Ray and many more. He's spoken at numerous conferences around the World and delivered dozens of workshops in that time as well.
His writing includes two books, including Developing With Web Standards, and countless articles and tutorials in print and online publications.
His "A Dao of Web Design", published in 2000, is cited by Ethan Marcotte, whose acclaimed article in 2010 begins by quoting John in detail, as a key influence in the development of Responsive Web Design, and by Jeremy Keith as "a manifesto for anyone working on the Web".
For over a decade, we've worked hard to create inclusive, fun, inspiring and safe events for the Web Industry.
As part of our commitment to these values, we've adopted a code of conduct for all involved: ourselves, our speakers, our partners and our audience.
If you have any concern or feedback, please don't hesitate to contact us.