YoVDO

Securing Single Page Applications - Design Considerations and Pitfalls

Offered By: OWASP Foundation via YouTube

Tags

Web Security Courses React Courses Angular Courses Single-Page Applications Courses Content Security Policy Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security implications of Single Page Applications (SPAs) in this 30-minute AppSecUSA 2018 conference talk. Delve into the potential vulnerabilities introduced by the SPA paradigm, particularly in light of the increasing popularity of frameworks like Angular and React. Learn about common security pitfalls affecting SPAs and discover effective mitigation strategies. Gain insights from Microsoft Security Engineers Rafael Dreher and Murali Vadakke Puthanveetil as they discuss topics such as stateful vs stateless applications, JSON handling, cache control, local storage, and resource sharing. Watch a live demo of cross-site scripting and understand the importance of Content Security Policy (CSP). Take away key lessons on securing SPAs, including the proper use of HTTP-only flags and techniques to prevent data theft.

Syllabus

Introduction
Why SPX
Stateful vs Stateless
JSON
Cache Control
Local Storage
Resource Sharing
Demo
Crosssite scripting demo
CSP
Key takeaways
HTTP only flag
How to steal data


Taught by

OWASP Foundation

Related Courses

Internet History, Technology, and Security
University of Michigan via Coursera Client-Server Communication
Google via Udacity HTTP & Web Servers
Udacity Network Security
Georgia Institute of Technology via Udacity Web Security Fundamentals
KU Leuven University via edX