YoVDO

Securing Single Page Applications - Design Considerations and Pitfalls

Offered By: OWASP Foundation via YouTube

Tags

Web Security Courses, React Courses, Angular Courses, Single-Page Applications Courses, Content Security Policy Courses

Course Description

Overview

Explore the security implications of Single Page Applications (SPAs) in this 30-minute AppSecUSA 2018 conference talk. Delve into the potential vulnerabilities introduced by the SPA paradigm, particularly in light of the increasing popularity of frameworks like Angular and React. Learn about common security pitfalls affecting SPAs and discover effective mitigation strategies. Gain insights from Microsoft Security Engineers Rafael Dreher and Murali Vadakke Puthanveetil as they discuss topics such as stateful vs stateless applications, JSON handling, cache control, local storage, and resource sharing. Watch a live demo of cross-site scripting and understand the importance of Content Security Policy (CSP). Take away key lessons on securing SPAs, including the proper use of HTTP-only flags and techniques to prevent data theft.

Syllabus

Introduction
Why SPX
Stateful vs Stateless
JSON
Cache Control
Local Storage
Resource Sharing
Demo
Cross-site scripting demo
CSP
Key takeaways
HTTP only flag
How to steal data


Taught by

OWASP Foundation

Related Courses

Desarrollo de Aplicaciones Web: Nivel de Presentación
University of New Mexico via Coursera
Front End Frameworks
Google via Udacity
Front-End JavaScript Frameworks: Angular
The Hong Kong University of Science and Technology via Coursera
Front-End Web Development with React
The Hong Kong University of Science and Technology via Coursera
Desarrollo de páginas con Angular
Universidad Austral via Coursera