Securing Single Page Applications - Design Considerations and Pitfalls
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the security implications of Single Page Applications (SPAs) in this 30-minute AppSecUSA 2018 conference talk. Delve into the potential vulnerabilities introduced by the SPA paradigm, particularly in light of the increasing popularity of frameworks like Angular and React. Learn about common security pitfalls affecting SPAs and discover effective mitigation strategies. Gain insights from Microsoft Security Engineers Rafael Dreher and Murali Vadakke Puthanveetil as they discuss topics such as stateful vs stateless applications, JSON handling, cache control, local storage, and resource sharing. Watch a live demo of cross-site scripting and understand the importance of Content Security Policy (CSP). Take away key lessons on securing SPAs, including the proper use of HTTP-only flags and techniques to prevent data theft.
Syllabus
Introduction
Why SPX
Stateful vs Stateless
JSON
Cache Control
Local Storage
Resource Sharing
Demo
Crosssite scripting demo
CSP
Key takeaways
HTTP only flag
How to steal data
Taught by
OWASP Foundation
Related Courses
Single Page Web Applications with AngularJSJohns Hopkins University via Coursera Front-End JavaScript Frameworks: AngularJS
The Hong Kong University of Science and Technology via Coursera Front End Frameworks
Google via Udacity Developing Dynamic Web Applications Using Angular
Microsoft via edX AngularJS: Advanced Framework Techniques
Microsoft via edX