Dominik Kundel: XSS, CSRF, CSP, JWT, WTF? IDK ¯\_(ツ)_/¯ | JSConf Iceland 2018
https://2018.jsconf.is/speakers/dominik-kundel/
Robert'); DROP TABLE Students;-- The little Bobby Tables is embodying the classical fear of SQL injections when building web applications.
However, SQL injections are just one aspect of things we need to worry about when building web applications. With the recent popularity of Angular, React and other Single Page Application frameworks we got more logic executing on the front-end create new problems and make you forget about others.
In this talk you will learn about XSS, CSRF, CORS, JWT, HTTPS, SPAs, REST APIs and other weird abbreviations, how to protect yourself and your users from the new generation of Bobby Tables.
Видео Dominik Kundel: XSS, CSRF, CSP, JWT, WTF? IDK ¯\_(ツ)_/¯ | JSConf Iceland 2018 канала JSConf
Robert'); DROP TABLE Students;-- The little Bobby Tables is embodying the classical fear of SQL injections when building web applications.
However, SQL injections are just one aspect of things we need to worry about when building web applications. With the recent popularity of Angular, React and other Single Page Application frameworks we got more logic executing on the front-end create new problems and make you forget about others.
In this talk you will learn about XSS, CSRF, CORS, JWT, HTTPS, SPAs, REST APIs and other weird abbreviations, how to protect yourself and your users from the new generation of Bobby Tables.
Видео Dominik Kundel: XSS, CSRF, CSP, JWT, WTF? IDK ¯\_(ツ)_/¯ | JSConf Iceland 2018 канала JSConf
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
CSRF Tutorial - A Guide to Better Understand and Defend Against Cross-Site Request Forgery (CSRF)
Opher Vishnia: Wait, you can do that with JavaScript…!? | JSConf Iceland 2018
What the heck is the event loop anyway? | Philip Roberts | JSConf EU
Legendary Lambdas by Tejas Kumar | JSConf Budapest 2019
Bypassing CSRF Protections: A Double Defeat of the Double-Submit Cookie - David Johansson
How To Search For DOM-Based XSS!
Stored XSS via CSRF in *.sony.co.in | Video POC | Bug Bounty
Security in Node.JS - London Node User Group - August 2019
1 Hour of Popular Web Attacks (XSS, CSRF, SSRF, SQL Injection, MIME Sniffing, Smuggling and more!)
Protecting Forms from CSRF with PHP - Secure PHP Authentication System from Scratch Ep. 2
Why LocalStorage is Vulnerable to XSS (and cookies are too)
Cracking Websites with Cross Site Scripting - Computerphile
Cookies, Sessions, JSON Web Tokens (JWT) and More 🍪🔐
Cross Site Request Funkery Securing Your Angular Apps From Evil Doers | Dave Smith
How To Prevent The Most Common Cross Site Scripting Attack
Full Account Takeover by Adityawhitehat (CSRF) Ezmall (POC) | Unpatched | bug bounty
JSON Web Tokens Suck - Randall Degges (DevNet Create 2018)
The Ultimate guide to JWT client side authentication (Stop Using Local Storage !!!)
Sessions in Node #3 | Authentication in Node.js with Express and sessions | using Redis for sessions