Workshop: A builder’s guide to Single Page Application security
In this training, you will learn how to build secure Single Page Applications. We cover changes in the security model of an application, common threats to an application, framework features that increase security, and state-of-the-art security technology you should start using. Concretely, we will cover the following topics:
- XSS in Angular and React
- Advanced injection attacks
- The limitations of CSP in Single Page Applications
- Recent developments in CSP
- Protecting yourself against malicious third-party content
- JWT abuse and best practices
- The intricacies of Cross-Origin Resource Sharing
- Recent developments in using OAuth 2.0 and OpenID Connect
The training consists of both lectures and hands-on lab sessions. Lectures go into depth on security threats and mitigation strategies. Labs are conducted in a custom-built competitive lab environment. Security challenges give you hands-on experience with attacks and defenses. You will walk away from this training with an overview of current best practices, along with actionable advice on implementing them.
Who should attend?
This security training specifically targets modern web developers. Anyone involved in building single-page applications (e.g., Angular, React) or managing development teams should be here. This training course is not just any training course. It is packed with in-depth and up-to-date content. We do not merely brush over a threat and defense but focus on the underlying cause and consequences. Why do we have this problem? Which mitigations are often used? Why are some ineffective? Which one is the current best practice? These are the questions that will be answered throughout the training.
To participate in this training, you should have development experience with single-page applications and the underlying APIs. Familiarity with the basics of security (e.g., simple XSS attacks) is helpful, but not required. The training will talk about Angular and React specifically, but also applies to other frameworks, such as EmberJS or Vue.js.
To participate in the lab sessions, participants need an internet-accessible laptop with a modern browser installed (E.g., Chrome, Firefox).