Building Secure ReactJS Apps: Mastering Advanced Security Techniques • Jim Manico • GOTO 2024 скачать в хорошем качестве

Building Secure ReactJS Apps: Mastering Advanced Security Techniques • Jim Manico • GOTO 2024

This presentation was recorded at GOTO Copenhagen 2024. #GOTOcon #GOTOcph https://gotocph.com Jim Manico - OWASP Project Leader, AppSec Enthusiast & Java Champion ‪@JimManicode‬ ORIGINAL TALK TITLE Building Secure ReactJS Applications: Mastering Advanced Security Techniques RESOURCES   / manicode     / jmanico   https://manicode.com Links https://github.com/cure53/DOMPurify https://github.com/facebook/react/blo... https://cure53.de/purify https://github.com/yahoo/serialize-ja... https://github.com/maxchehab/CSS-Keyl... https://www.npmjs.com/package/react https://www.npmjs.com/package/react-m... https://retirejs.github.io/retire.js https://docs.npmjs.com/cli/v11/comman... https://eslint.org https://datatracker.ietf.org/doc/html... ABSTRACT Welcome to a deep dive into ReactJS security, where we address issues such as Cross-Site Scripting (XSS), content injection, and data leaks in ReactJS applications. These threats continue to challenge web developers, making robust ReactJS security practices essential. ReactJS offers some built-in and automatic measures against XSS. However, securing ReactJS applications requires a deeper understanding and implementation of advanced security techniques. This presentation is tailored for developers eager to enhance their security skills in ReactJS. In this session, we will delve into a range of critical security topics with a focus on defensive coding techniques to secure your ReactJS applications effectively. Topics covered include: • Navigating the Security Landscape of React Components • Decoding React's Built-in XSS Protections • The Intricacies of Props and Types • A Closer Look at dangerouslySetInnerHTML • Understanding User-submitted URLs in React • Enhancing React Security with CSS Styled-Components • The Dynamics of JSON and React Integration • The Power of Lazy Loading and Access Control in React • Exploring React Template Injection Vulnerabilities • The Role of Server-Side Rendering in React Security This session is designed to expand your ReactJS knowledge, strengthen your security strategies, and give you exact methods to help you build safer, more robust ReactJS applications. Join us to master advanced defense techniques and contribute to the development of secure ReactJS applications! [...] TIMECODES 00:00 Intro 02:28 Agenda 03:11 AI secure code generation lifecycle 07:03 What is React & what are the top security domains 08:31 R1: Cross site scripting 11:47 React security domains 11:58 R1: XSS 16:48 R2: Dangerous URLs 20:54 R3: Rendering HTML 23:56 R4: Securing JSON 25:49 R5: Dangerous styles 27:47 R6: Insecure native DOM access 30:04 R7: Access control & exposed failures 35:35 R8: Vulnerable & outdated versions & dependencies 37:43 R9: Open redirects 39:09 R10: Insecure server-side rendering 40:32 Demo 42:16 Outro Download slides and read the full abstract here: https://gotocph.com/2024/sessions/3343 RECOMMENDED BOOKS Jim Manico & August Detlefsen • Iron-Clad Java • https://amzn.to/3qGqwBw Liz Rice • Container Security • https://amzn.to/3oU4iJe Liz Rice • Kubernetes Security • https://www.oreilly.com/library/view/... Aaron Parecki • OAuth 2.0 Simplified • https://amzn.to/2A3IMOf Aaron Parecki • OAuth 2.0 Servers • https://amzn.to/3ecHEsz Chris Minnick • Beginning ReactJS Foundations Building User Interfaces with ReactJS • https://amzn.to/4inewgR https://bsky.app/profile/gotocon.com   / gotocon     / goto-     / goto_con     / gotoconferences   #ReactJS #ReactAITop10 #XSS #Security #Cybersecurity #XSSProtection #ReactJSSecurity #CrossSiteScripting #Programming #SoftwareEngineering #JimManico #Manicode CHANNEL MEMBERSHIP BONUS Join this channel to get early access to videos & other perks:    / @goto-   Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at https://gotopia.tech Sign up for updates and specials at https://gotopia.tech/newsletter SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily. https://www.youtube.com/user/GotoConf...