The slides below are from a talk
I gave in August 2019 at USENIX Security. They cover the major security problems we
see on the modern web, tracing them back to design decisions made at a time when the
web looked very different than it does today.
The talk also outlines some of the work that we have to do to address these problems, including designing comprehensive new security mechanisms, deprecating unsafe legacy behaviors, and paying closer attention to newly launching features.
The slide comments below are not a transcript, but what I would have ideally said if I had a bit more time and public speaking was easy. The original PDF version of the slides is here.