The slides below are from a talk
I gave in August 2019 at USENIX Security. They cover the major security problems we
see on the modern web, tracing them back to design decisions made at a time when the
web looked very different than it does today.
The talk also outlines some of the work that we have to do to address these
problems, including designing comprehensive new security
mechanisms, deprecating unsafe legacy behaviors, and paying closer attention to newly launching features.
The slide comments below are not a transcript, but what I would have ideally
said if I had a bit more time and public speaking was easy. The original
PDF version of the slides is here.