SPArring with the Security of Single Page Applications - MMA Hacker Training

Explore the complexities of securing Single Page Applications (SPAs) in this comprehensive conference talk from AppSecUSA 2016. Dive into the concept of becoming a Mixed Multilayer Application (MMA) Hacker, drawing parallels between mixed martial arts and the multifaceted approach needed for SPA security. Learn about various application layers, including interface, backend, network, and interconnectivity. Gain insights into SPA frameworks like AngularJS and ReactJS, REST APIs, WebSockets, and the security implications of third-party integrations. Discover available tools and potential gaps in addressing these challenges. Whether you're a seasoned security professional or just starting out, this talk provides valuable training to enhance your SPA security skills and stay ahead in the rapidly evolving world of web and mobile application development.

Intro
Tale of the Tape
Our Introduction to Martial Arts
Individual "Martial Arts" Disciplines
Which Discipline is better?
Which attacks are better?
Starting to "Mix" Disciplines
Possible levels of a fight
Modern fighters must be well rounded
JavaScript becomes Asynchronous
Applications getting more difficult
HTTP Standard Format
Swing and a Miss
Landing the blow
Crawling AJAX Apps
SPA Frameworks
REACT Virtual DOM: Breaking scanners
REACT Recap
Don't forget Mobile!
Sample Custom Signing Code
Embrace the challenge
Thank you!