GOTO 2019 • Building Secure React Applications • Philippe De Ryck
This presentation was recorded at GOTO Berlin 2019. #GOTOcon #GOTOber
http://gotober.com
Philippe De Ryck - PhD in web security, OWASP and practical security mastermind and founder of Pragmatic Web Security
ABSTRACT
React is a secure framework. It handles cross-site scripting (XSS) out of the box. While these statements sound very hopeful, they are unfortunately far from reality. Building secure applications with React is easier than starting from scratch. However, even with React, there are several guidelines and considerations to take into account.
In this session, we take a deep-dive into two particular topics. We take a close look at XSS, React's defenses, and the responsibilities of the developer. The second topic zooms in on the challenges with including NPM dependencies. We look at how attackers abuse NPM to target your application. Throughout these topics, we build a set of concrete guidelines you can immediately apply to [...]
Download slides and read the full abstract here:
https://gotober.com/2019/sessions/833/building-secure-react-applications
#Security #OWASP #React