What's the topic?

Bootcamp B: Cutting-edge security for modern web applications

Abstract

Securing modern web applications is hard, really hard. Not only do you have to make the right architectural security decisions, but you also have to be aware of various implementation vulnerabilities in both frontend apps and APIs. Common failures result in data extraction or complete system compromise.

In this training, we take a look at cutting-edge security techniques you can use to boost the security of your applications. We explore common vulnerabilities in modern applications and their recommended defenses. Additionally, we dive into coding guidelines and defense-in-depth strategies that allow you to increase the security of your applications.

Concretely, we will cover the following topics in this hands-on training:

  • The security model of modern web applications
  • Cross-Site Scripting problems in modern frontends
  • Deploying Content Security Policy in modern applications
  • Using Trusted Types to eradicate XSS vulnerabilities
  • JWT security failures in modern applications
  • API security testing to avoid common misconfigurations
  • Server-Side Request Forgery (SSRF) attacks and defenses
  • Q & A throughout the workshop

Who should attend?

This security training specifically targets developers and architects building modern web frontends / APIs. Anyone involved in building, testing, and designing modern applications should be here. This training course gives you an up-to-date and in-depth look at current security best practices. We do not merely gloss over a threat and its defense but focus on the underlying cause and consequences. Why do we have this problem? Which mitigations are often used? Why are some ineffective? Which one is the current best practice? These are the questions that will be answered throughout the training.

Prerequisites

To participate in this training, you should have development experience with web applications and APIs. Familiarity with the basics of security is helpful but not required. The training will include Angular / React / NodeJS / Java Spring examples but is just as relevant for other frameworks and technologies.

Computer setup

To participate in the lab sessions, participants need a computer with a full-featured modern browser installed (e.g., Chrome, Firefox).