A builder’s guide to Single Page Application security

Frontend JavaScript frameworks such as Angular and React disrupt the traditional web security landscape, and finding reliable security advice is hard. This workshop provides Angular and React developers with the answers to all their security questions.

  • Nov 29
    Oslo Spektrum
    2 days
    08:00 - 16:00 UTC
    Philippe De Ryck
    13 490 NOK

In this workshop, you discover best practices for building secure frontend applications. We investigate how to use and configure security mechanisms available in modern browsers. We explore what security measures are built into Angular and React, along with common mistakes that circumvent these protections. Additionally, we discuss scenarios that address frequent questions, including secure data storage in the browser and the use of OAuth 2.0 and OpenID Connect.


This course offers practical and immediately applicable security advice for architects and developers. Throughout the course, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.
Concretely, we will cover the following topics:

  • The security model of the web
  • Configuring modern security headers
  • XSS in modern frontend applications
  • CSP as a defense against XSS
  • CSP deployment strategies for SPAs
  • Countering advanced XSS with Trusted Types
  • Using OAuth 2.0 and OpenID Connect in SPAs
  • Securing OAuth 2.0 tokens in JS frontends


This workshop consists of a mixture of lectures, demos, interactive quizzes, and hands-on labs. The lectures provide in-depth knowledge of attacks and defenses. The hands-on labs are conducted in a custom-built competitive training environment, allowing participants to gain hands-on experience with offensive and defensive technologies.

Who should attend?

This security training specifically targets modern web developers. Anyone involved in building single-page applications (e.g., Angular, React) or managing development teams should be here. This training course is not just any training course. It is packed with in-depth and up-to-date content. We do not merely brush over a threat and defense but focus on the underlying cause and consequences. Why do we have this problem? Which mitigations are often used? Why are some ineffective? Which one is the current best practice? These are the questions that will be answered throughout the training.


Prerequisites

To participate in this training, you should have development experience with single-page applications and the underlying APIs. Familiarity with the basics of security (e.g., simple XSS attacks) is helpful, but not required. The training will talk about Angular and React specifically, but also applies to other frameworks, such as EmberJS or Vue.js.

Computer Setup

To participate in the lab sessions, participants need a laptop with internet access and a modern browser installed (e.g., Chrome, Firefox).

Philippe De Ryck
Founder of Pragmatic Web Security, Google Developer Expert

Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven forms the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide. His online course platform allows anyone to learn complex security topics at their own pace. Philippe is a Google Developer Expert and an Auth0 Ambassador for his community contributions on the security of web applications and APIs.
