Fork me on GitHub


The web is a security minefield, with many hazards like cross-site scripting, cross-site request forgery, and SQL injection. In this talk, I will explain how Facebook handles these common problems with good security libraries, automated detection, and lint rules. I'll describe some of the attacks that we have seen, and I will talk about some of the lessons that we have learned.