Dominik Kundel: XSS, CSRF, CSP, JWT, WTF? IDK ¯\_(ツ)_/¯ | JSConf Iceland 2018
https://2018.jsconf.is/speakers/dominik-kundel/
Robert'); DROP TABLE Students;-- Little Bobby Tables embodies the classic fear of SQL injection when building web applications.
However, SQL injection is just one of the things we need to worry about when building web applications. With the recent popularity of Angular, React and other Single Page Application frameworks, we have more logic executing on the front end, which creates new problems and makes you forget about others.
In this talk you will learn about XSS, CSRF, CORS, JWT, HTTPS, SPAs, REST APIs and other weird abbreviations, and how to protect yourself and your users from the new generation of Bobby Tables.
Video: Dominik Kundel: XSS, CSRF, CSP, JWT, WTF? IDK ¯\_(ツ)_/¯ | JSConf Iceland 2018, from the JSConf channel