November 23, 2019

422 words 2 mins read

Security and performance: Breaking the conundrum. . .again

Security and performance: Breaking the conundrum. . .again

Security techniques have generally focused on protecting users by blocking requests going to the origin, but security is also a concern at the browser. Sonia Burney and Sabrina Burney explore how security can be enforced at the browser level through a combination of optimization techniques and security enhancements, which overall provide an optimal end-user experience.
Talk Title Security and performance: Breaking the conundrum. . .again
Speakers Sonia Burney (Akamai), Sabrina Burney (Akamai)
Conference Velocity
Conf Tag Build resilient systems at scale
Location Santa Clara, California
Date June 21-23, 2016
URL Talk Page
Slides Talk Slides
Video

While security techniques have generally focused on protecting users by blocking requests going to the origin, there is now a shift in trying to protect users at the browser while providing an optimal experience—in areas such as HTTP/2, with its new concept of server push, where the focus is queuing up resources at the origin without being requested by the browser, and the more recent concept of the single-page application, which also aims to reduce the number of requests during a session while loading all necessary resources the first time a site is loaded. This poses the question: where does security fit as we attempt to reduce the number of requests and focus on the end-user experience? The goal of security is to ensure we protect the origin servers by blocking malicious requests going forward. The goal of frontend performance techniques is to improve page rendering for the end user by using several optimizations, including reducing the number of HTTP requests, to increase load time. Sonia Burney and Sabrina Burney explore how security can be enforced at the browser level through a combination of optimization techniques and security enhancements, which overall provide an optimal end-user experience. Optimization techniques inherently reduce the need for security at the origin, as much of the rendering work is focused on the frontend without needing to go back to the origin server. Additionally, the use of certain techniques—obfuscation and HTTP/2, service worker and web worker applications, content security policy (with HTTP/2) and strict transport security, iFrame sandboxing (and more) to avoid third-party phishing or malicious code injections, and subresource integrity—can improve the end-user experience and avoid some security risks involved in navigating between various pages in a site, clicking on third-party content, and filling out forms. As we’ve seen before, a security issue can result in a performance issue and vice versa, so why not utilize techniques that achieve benefits in both areas, which are equally important from an end-user perspective?

code security http/2 optimization performance
comments powered by Disqus
High performance in the critical rendering path

High performance in the critical rendering path

October 16, 2019

Nicolas Bevacqua explores the past, present, and future of web performance. Nicolas quickly covers what you're already doingminifying, bundling, and using progressive enhancementbefore moving on to what you should be doingoptimizing TCP, inlining the important stuff, and deferring the rest so that you don't block the rendering path. Nicolas also explores what HTTP/2 has in store for the future.
Real-world experience with HTTP/2

Real-world experience with HTTP/2

November 23, 2019

Michael Gooding and Javier Garza share their experiences using HTTP/2 over the last 12 months, exploring case studies that demonstrate how performance can be improved while also addressing backward compatibility, using RUM data to review performance-related observations of customers after making the switch, and hands-on demos of HTTP/2 with server push and HTTP/2 + QUIC.
Scaling frontend performance

Scaling frontend performance

November 23, 2019

Patrick Meenan outlines techniques for serving rich experiences to users on fast connections while still offering a fast experience for users on slow connections and addresses some eye-opening issues and solutions for serving content on mobile connections.
Apache Eagle: Secure Hadoop in real time

Apache Eagle: Secure Hadoop in real time

November 21, 2019

Apache Eagle is an open source monitoring solution to instantly identify access to sensitive data, recognize malicious activities, and take action. Arun Karthick Manoharan, Edward Zhang, and Chaitali Gupta explain how Eagle helps secure a Hadoop cluster using policy-based and machine-learning user-profile-based detection and alerting.
Using machine learning to determine drivers of bounce and conversion

Using machine learning to determine drivers of bounce and conversion

November 21, 2019

Google partnered with SOASTA to train a machine-learning model on a large sample of real-world performance, conversion, and bounce data. Patrick Meenan and Tammy Everts offer an overview of the resulting modelable to predict the impact of performance work and other site metrics on conversion and bounce rates.
Your hero images need you: Save the day with HTTP/2 image loading

Your hero images need you: Save the day with HTTP/2 image loading

November 21, 2019

Tobias Baldauf explains how to use HTTP/2's superpowers to optimize image delivery, thereby increasing the perceived performance of your page, reducing load times, and driving conversions.