Get your ticket and additional info and support at jcon.one
Thursday, September 22 • 10:00 - 10:50
Security Risk: Single-Page Applications

Single-page applications (SPAs) are very popular nowadays, and for this reason, current frontends are predominantly executed as JavaScript applications entirely in the user's web browser. However, from a security perspective, SPAs bring a much higher risk compared to server-side web applications such as those built with Spring MVC. In this talk, we will look at the popular SPA libraries Angular, React and Vue and take a closer look at their security aspects. In particular, we will look at security risks such as cross-site scripting (XSS), cross-site request forgery (CSRF), token-based authentication risks, and CORS misconfigurations. So that developers are not left unprotected, we will analyze the built-in defenses of the various SPA libraries or frameworks and show what additional steps developers need to take beyond them. So be prepared for some XSS popups to appear in your favorite SPAs. The talk is aimed at software developers, architects, and anyone interested in security. Basic prior knowledge of how web applications work is necessary to understand the talk. Knowledge of a programming language such as Java or JavaScript is helpful, but not mandatory.

Andreas Falk

Lead of Agile Security, Novatec Consulting
Andreas Falk has been working in enterprise application development projects for more than twenty years. Currently, he is working as a managing consultant for Novatec Consulting, located in Germany. In various projects, he has worked as an architect, coach, and developer...

Thursday September 22, 2022 10:00 - 10:50 CEST
#5 Web Development