XSS, CSRF, CSP, JWT, WTF? IDK - JSConf Iceland

Learn about crucial web application security concepts in this 28-minute JSConf Iceland 2018 talk. Explore the evolution of security threats beyond SQL injections, focusing on vulnerabilities in modern Single Page Applications and front-end frameworks. Dive into essential abbreviations like XSS, CSRF, CORS, JWT, and HTTPS, understanding their significance in protecting both developers and users. Discover practical strategies to safeguard against the new generation of security risks, covering topics such as cookies, JSON Web Tokens, social network vulnerabilities, and clickjacking prevention. Gain insights into security best practices, including the implementation of Content Security Policy (CSP) and the importance of regular security audits.

Intro
HTTPS
JWT
Cookies
JSON Web Tokens
Social Network
CSRF
Target Blank
No Opener
Little Bobby
Myspace worm
CSS inline CSS
XSS demo
JSONP
CSP
CSP should be your safety net
Avoid clickjacking
Security audits
Summary