Security Risk: Single-Page Applications by Andreas Falk скачать в хорошем качестве

Security Risk: Single-Page Applications by Andreas Falk

For more info on the next Devoxx UK event 👉 www.devoxx.co.uk Single-page applications are very popular nowadays, and for this reason, current frontends are predominantly executed as Javascript applications entirely in the user's web browser. However, from a security perspective, SPAs bring a much higher risk compared to server-side web applications such as Spring MVC. In this talk, we will look at the popular SPA libraries Angular, React and Vue and take a closer look at their security aspects. In particular, we will look at security risks such as cross-site scripting (XSS), cross-site request forgery (CSRF), token-based authentication risks, and CORS misconfigurations. In order not to leave developers unprotected in the rain, we will analyze the built-in defences of the various SPA libraries or frameworks and show what steps are required beyond that for developers. So be prepared for some XSS popups to appear in your favourite SPAs. The talk is aimed at software developers, architects, and anyone interested in security alike. Basic prior knowledge of how web applications work is necessary to understand the talk. Knowledge of a programming language such as Java or Javascript is helpful, but not mandatory.